Remove OCSP stapling

Looks like it was not actually working before and failing silently
because ssl_trusted_certificate was not specified.  Will need to
revisit implementing this functionality so removing it for now
to prevent the warnings logged by nginx now.
Jason Wilder 10 years ago
parent
commit
080a5157e6
2 changed files with 1 additions and 3 deletions
  1. 1 1
      README.md
  2. 0 2
      nginx.tmpl

+ 1 - 1
README.md

@@ -82,7 +82,7 @@ and `CERT_NAME=shared` will then use this shared cert.
 
 
 The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
 The SSL cipher configuration is based on [mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
-Windows XP IE8, Android 2.3, Java 7.  The configuration also enables OCSP stapling, HSTS, and SSL
+Windows XP IE8, Android 2.3, Java 7.  The configuration also enables HSTS, and SSL
 session caches.
 session caches.
 
 
 The behavior for the proxy when port 80 and 443 are exposed is as follows:
 The behavior for the proxy when port 80 and 443 are exposed is as follows:
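
Review bot: The rewritten sentence on the `+` line now lists only two items, so the comma in "enables HSTS, and SSL session caches" is left over from the three-item list; it should read "enables HSTS and SSL session caches". Since the commit message says stapling will be revisited, it would also help to state here that OCSP stapling is currently not enabled, so users who relied on the old README text do not assume it is still on.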

+ 0 - 2
nginx.tmpl

@@ -96,8 +96,6 @@ server {
 	ssl_prefer_server_ciphers on;
 	ssl_prefer_server_ciphers on;
 	ssl_session_timeout 5m;
 	ssl_session_timeout 5m;
 	ssl_session_cache shared:SSL:50m;
 	ssl_session_cache shared:SSL:50m;
-	ssl_stapling on;
-	ssl_stapling_verify on;
 
 
 	ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
 	ssl_certificate /etc/nginx/certs/{{ (printf "%s.crt" $cert) }};
 	ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
 	ssl_certificate_key /etc/nginx/certs/{{ (printf "%s.key" $cert) }};
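
Review bot: Dropping `ssl_stapling on;` and `ssl_stapling_verify on;` from the server block leaves nothing in the template recording that stapling was removed deliberately rather than overlooked. A short template comment next to the `ssl_certificate` lines, saying that stapling is disabled until `ssl_trusted_certificate` can be supplied per cert, would keep the follow-up visible and stop someone from re-adding the two directives without the trusted chain and bringing the nginx warnings back.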