mirror of
https://github.com/thib8956/nginx-proxy
synced 2024-11-22 03:46:29 +00:00
Enable OCSP stapling if certificate trust chain is provided
Previously disabled in 080a5157e6
This commit is contained in:
parent
0cc71fad49
commit
dfe7677eb5
@ -206,7 +206,7 @@ and `CERT_NAME=shared` will then use this shared cert.
|
||||
The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
|
||||
should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
|
||||
Windows XP IE8, Android 2.3, Java 7. Note that the DES-based TLS ciphers were removed for security.
|
||||
The configuration also enables HSTS, PFS, and SSL session caches. Currently TLS 1.0, 1.1 and 1.2
|
||||
The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches. Currently TLS 1.0, 1.1 and 1.2
|
||||
are supported. TLS 1.0 is deprecated but its end of life is not until June 30, 2018. It is being
|
||||
included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
|
||||
IE < 11, Safari < 7, iOS < 5, Android Browser < 5.
|
||||
|
Loading…
Reference in New Issue
Block a user