diff options
| author | Vincent Bernat <vincent@bernat.ch> | 2018-08-30 22:33:56 +0200 |
|---|---|---|
| committer | Vincent Bernat <vincent@bernat.ch> | 2018-08-30 22:47:41 +0200 |
| commit | 1251b34b5bbcd11a7a2974df7bada5d6d47b985d (patch) | |
| tree | 329594bc20b6a23ba815d915f8e8b92c04b7bbb3 /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch | |
| parent | 2a606200bca4f5552f7f28e0f11dfbfedc2aa81a (diff) | |
nixos/nginx: ensure TLS OCSP stapling works out of the box with LE
The recommended TLS configuration comes with `ssl_stapling on` and
`ssl_stapling_verify on`. However, this last directive also requires
the use of `ssl_trusted_certificate` to verify the received answer.
When using `enableACME` or similar, we can help the user by providing
the correct value for the directive.
The result can be tested with:
openssl s_client -connect web.example.com:443 -status 2> /dev/null
Without OCSP stapling, we get:
OCSP response: no response sent
After this change, we get:
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: Aug 30 20:46:00 2018 GMT
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions