brammp/HomeServerCTs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

CT Nginx: Disable OCSP/ssl_stapling by default

Browse Source 
Disableing this due to LE dropping support for it on May 7th, 2025
This commit is contained in:
Bram Prieshof
2025-01-28 01:41:31 +01:00
parent ea801f672f
commit d56e339443
2 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CT-Files/nginx/Configs/nginx.conf
View File

@@ -37,8 +37,6 @@ http {
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";