httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: SSLUseStapling: ssl handshake fails until httpd restart
Date Wed, 30 Sep 2015 06:42:26 GMT
On 29.09.2015 18:24, Reindl Harald wrote:
> i just restarted the servers and disabled stapling since all our 
> servcies where unreachable (before i write the second mail 5 different 
> hosts with several sites where affected)
> 
> in fact the error caching does more harm than benefits - IHMO a better 
> "could not reach OCSP server or received a error from it" caching would 
> be just temporary disable stapling for 10 minutes instead lead in 
> connections fail even from clients which have disabled OCSP completly
> 
>>> firefox refused to open our adminpanel with the error below until i
>>> restarted httpd

The default for SSLStaplingReturnResponderErrors is relatively odd.
Not sure why it has always defaulted to "on" (r829619), but setting it
to off should save you further troubles with Firefox clients.

Kaspar

Mime
View raw message