DTSV/Ansible
1
0
Fork 0
Code Issues Pull Requests Releases Activity

remove deprecated nginx config options

Browse Source 
This commit removes the Nginx configuration options related to OCSP stapling and OCSP Must-Staple.
Let's Encrypt is discontinuing OCSP support in favor of CRLs (Certificate Revocation Lists) to improve privacy and simplify infrastructure.
This commit is contained in:
Oli
2025-07-01 18:06:15 +00:00
parent c818db0f1b
commit e376193480
1 changed files with 1 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/nginx/templates/ssl.conf.j2
View File

@@ -6,12 +6,8 @@
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
ssl_early_data on; ssl_early_data on;
ssl_dhparam {{ nginx_ssl_dhparam }}; ssl_dhparam {{ nginx_ssl_dhparam }};
# OCSP Stapling fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001];
# SSL session handling # SSL session handling
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d; ssl_session_timeout 1d;
ssl_session_tickets off; ssl_session_tickets off;
ssl_buffer_size 4k; ssl_buffer_size 4k;