Permalink
Find file Copy path
10fc3a3 Nov 29, 2018
1 contributor

Users who have contributed to this file

19 lines (15 sloc) 780 Bytes
# ----------------------------------------------------------------------
# | Online Certificate Status Protocol stapling |
# ----------------------------------------------------------------------
# OCSP is a lightweight, only one record to help clients verify the
# validity of the server certificate.
# OCSP stapling allow the server to send its cached OCSP record during
# the TLS handshake, whithout the need of 3rd party OCSP responder.
#
# https://wiki.mozilla.org/Security/Server_Side_TLS#OCSP_Stapling
# https://tools.ietf.org/html/rfc6066#section-8
# https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
resolver_timeout 2s;