[PATCH] SSL: ssl_stapling_valid directive
Maxim Dounin
mdounin at mdounin.ru
Mon Jan 13 15:42:36 UTC 2014
Hello!
On Mon, Jan 13, 2014 at 07:04:11PM +0400, kyprizel wrote:
> So, you going to leave 3600 hardcoded there?
Yes, unless you have some better reasons to make it
configurable.
>
>
> On Mon, Jan 13, 2014 at 6:51 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> > Hello!
> >
> > On Mon, Jan 13, 2014 at 06:08:53PM +0400, kyprizel wrote:
> >
> > > "some cases", for example = you have a lot of users with wrong system
> > time,
> > > so they can't access the server if OCSP responses updated too frequently.
> >
> > This looks like a very-very wrong way to address the problem.
> > Instead of resolving the problem it will hide it on some requests
> > (but not on others), making the problem harder to detect and debug.
> >
> > --
> > Maxim Dounin
> > http://nginx.org/
> >
> > _______________________________________________
> > nginx-devel mailing list
> > nginx-devel at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-devel
> >
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list