add OCSP Stapling configuration, disabled by default

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1633730 13f79535-47bb-0310-9956-ffa450edef68
2025-08-20 16:09:55 +00:00 · 2014-10-23 00:59:40 +00:00
parent 10ab77117b
commit a797fdcf70
1 changed files with 25 additions and 0 deletions
--- a/docs/conf/extra/httpd-ssl.conf.in
+++ b/docs/conf/extra/httpd-ssl.conf.in
@ -73,6 +73,31 @@ SSLPassPhraseDialog  builtin
 SSLSessionCache        "shmcb:ssl_scache(512000)"
 SSLSessionCacheTimeout  300

+#   OCSP Stapling (requires OpenSSL 0.9.8h or later)
+#
+#   This feature is disabled by default and requires at least
+#   the two directives SSLUseStapling and SSLStaplingCache.
+#   Refer to the documentation on OCSP Stapling in the SSL/TLS
+#   How-To for more information.
+#
+#   Enable stapling for all SSL-enabled servers:
+#SSLUseStapling On
+
+#   Define a relatively small cache for OCSP Stapling using
+#   the same mechanism that is used for the SSL session cache
+#   above.  If stapling is used with more than a few certificates,
+#   the size may need to be increased.  (AH01929 will be logged.)
+#SSLStaplingCache "shmcb:ssl_stapling(32768)"
+
+#   Override the OCSP responder URL specified in the certificate
+#SSLStaplingForceURL http://ocsp.example.com/
+
+#   Seconds before valid OCSP responses are expired from the cache
+#SSLStaplingStandardCacheTimeout 3600
+
+#   Seconds before invalid OCSP responses are expired from the cache
+#SSLStaplingErrorCacheTimeout 600
+
 ##
 ## SSL Virtual Host Context
 ##