add OCSP stapling to nginx.conf

It's not added in tls.conf, because apparently the mail ssl module
doesn't support OCSP stapling.

https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
^ exists

https://nginx.org/en/docs/mail/ngx_mail_ssl_module.html#ssl_stapling
^ missing

When the configured certificate doesn't have OCSP information, it'll
just log a warning during startup.
master
lub 4 years ago
parent 550065b043
commit 66db1f8fd0

@ -58,6 +58,8 @@ http {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
include /etc/nginx/tls.conf; include /etc/nginx/tls.conf;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_cache shared:SSLHTTP:50m; ssl_session_cache shared:SSLHTTP:50m;
add_header Strict-Transport-Security 'max-age=31536000'; add_header Strict-Transport-Security 'max-age=31536000';
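Review bot: `ssl_stapling_verify on;` in the http block needs a trust chain to verify against, and nothing visible in this hunk provides one. nginx checks the OCSP response against the issuer, intermediate and root certificates given in `ssl_trusted_certificate`, and it needs a `resolver` directive to look up the OCSP responder's hostname. If either is missing, no response gets stapled and the only sign is an entry in the error log. Please confirm that /etc/nginx/tls.conf or the enclosing http block sets both, or add them alongside these two lines. A comment next to `ssl_stapling on;` noting why it lives here rather than in tls.conf would also save the next reader a trip to the commit message.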
