reverseproxy: remove OCSP support
OCSP is getting deprecated in favor CRLs. Lets Encrypt has already removed the OCSP URL in the certs and the OCSP validation server is being decommissioned . https://letsencrypt.org/2024/12/05/ending-ocsp/
This commit is contained in:
Girish Ramakrishnan
@@ -104,12 +104,6 @@ server {
|
||||
add_header Strict-Transport-Security "max-age=63072000";
|
||||
<% } -%>
|
||||
|
||||
<% if ( ocsp ) { -%>
|
||||
# OCSP. LE certs are generated with must-staple flag so clients can enforce OCSP
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
<% } %>
|
||||
|
||||
# https://github.com/twitter/secureheaders
|
||||
# https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#tab=Compatibility_Matrix
|
||||
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
|
||||
|
||||
Reference in New Issue
Block a user