httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From traw...@apache.org
Subject svn commit: r1633730 - /httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
Date Thu, 23 Oct 2014 00:59:40 GMT
Author: trawick
Date: Thu Oct 23 00:59:40 2014
New Revision: 1633730

URL: http://svn.apache.org/r1633730
Log:
add OCSP Stapling configuration, disabled by default

Modified:
    httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in

Modified: httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in?rev=1633730&r1=1633729&r2=1633730&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in (original)
+++ httpd/httpd/trunk/docs/conf/extra/httpd-ssl.conf.in Thu Oct 23 00:59:40 2014
@@ -73,6 +73,31 @@ SSLPassPhraseDialog  builtin
 SSLSessionCache        "shmcb:ssl_scache(512000)"
 SSLSessionCacheTimeout  300
 
+#   OCSP Stapling (requires OpenSSL 0.9.8h or later)
+#
+#   This feature is disabled by default and requires at least
+#   the two directives SSLUseStapling and SSLStaplingCache.
+#   Refer to the documentation on OCSP Stapling in the SSL/TLS
+#   How-To for more information.
+#
+#   Enable stapling for all SSL-enabled servers:
+#SSLUseStapling On
+
+#   Define a relatively small cache for OCSP Stapling using
+#   the same mechanism that is used for the SSL session cache
+#   above.  If stapling is used with more than a few certificates,
+#   the size may need to be increased.  (AH01929 will be logged.)
+#SSLStaplingCache "shmcb:ssl_stapling(32768)"
+
+#   Override the OCSP responder URL specified in the certificate
+#SSLStaplingForceURL http://ocsp.example.com/
+
+#   Seconds before valid OCSP responses are expired from the cache
+#SSLStaplingStandardCacheTimeout 3600
+
+#   Seconds before invalid OCSP responses are expired from the cache
+#SSLStaplingErrorCacheTimeout 600
+
 ##
 ## SSL Virtual Host Context
 ##



Mime
View raw message