
List:       apache-httpd-dev
Subject:    Re: SSLUseStapling: ssl handshake fails until httpd restart
From:       Kaspar Brand <httpd-dev.2014 () velox ! ch>
Date:       2015-09-30 6:42:26
Message-ID: 560B8452.5070800 () velox ! ch

On 29.09.2015 18:24, Reindl Harald wrote:
> i just restarted the servers and disabled stapling since all our 
> services were unreachable (before i write the second mail 5 different 
> hosts with several sites were affected)
> 
> in fact the error caching does more harm than benefits - IMHO a better 
> "could not reach OCSP server or received an error from it" caching would 
> be just temporarily disable stapling for 10 minutes instead of leading to 
> connections failing even from clients which have disabled OCSP completely
> 
>>> firefox refused to open our adminpanel with the error below until i
>>> restarted httpd

The default for SSLStaplingReturnResponderErrors is relatively odd.
Not sure why it has always defaulted to "on" (r829619), but setting it
to off should save you further troubles with Firefox clients.

Kaspar
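
The setting suggested above, shown in context as an added configuration example (not part of the original message and not the project's own sample config). The cache path and size and the two timeout values are assumptions; the directive names are mod_ssl's own.

```apache
# Added example. Cache path/size and timeout values below are assumptions.

# Server-wide: the stapling cache has to be defined outside any <VirtualHost>.
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

# Server config or per <VirtualHost>.
SSLUseStapling on

# Default is "on": responses from unsuccessful OCSP queries (non-"successful"
# status, non-"good" certificate status, expired responses) are passed on to
# the client in the handshake. With "off", only responses indicating "good"
# are stapled; otherwise the handshake proceeds without a stapled response.
SSLStaplingReturnResponderErrors off

# Synthesizes a "tryLater" response when the responder query fails. Only
# effective while SSLStaplingReturnResponderErrors is on; set explicitly so
# that re-enabling the directive above does not bring it back silently.
SSLStaplingFakeTryLater off

# Seconds to wait for the OCSP responder (mod_ssl default: 10).
SSLStaplingResponderTimeout 5

# Seconds an invalid response stays in the stapling cache (mod_ssl default: 600).
SSLStaplingErrorCacheTimeout 600
```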