Merge pull request #574 from teohhanhui/ocsp-stapling-chain

Enable OCSP stapling if certificate trust chain is provided
2025-08-24 00:11:55 +00:00 · 2017-08-16 11:53:17 -06:00
parent 817db85aae 065dd7f1ea
commit f05f7a0ff9
3 changed files with 18 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -205,7 +205,7 @@ and `CERT_NAME=shared` will then use this shared cert.
 The SSL cipher configuration is based on the [Mozilla nginx intermediate profile](https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx) which
 should provide compatibility with clients back to Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
 Windows XP IE8, Android 2.3, Java 7.  Note that the DES-based TLS ciphers were removed for security.
-The configuration also enables HSTS, PFS, and SSL session caches.  Currently TLS 1.0, 1.1 and 1.2
+The configuration also enables HSTS, PFS, OCSP stapling and SSL session caches.  Currently TLS 1.0, 1.1 and 1.2
 are supported.  TLS 1.0 is deprecated but its end of life is not until June 30, 2018.  It is being 
 included because the following browsers will stop working when it is removed: Chrome < 22, Firefox < 27,
 IE < 11, Safari < 7, iOS < 5, Android Browser < 5.