Efficient CRL checking at Nginx
mdounin at mdounin.ru
Tue Mar 7 13:36:18 UTC 2017
On Tue, Mar 07, 2017 at 08:18:02AM -0500, alweiss wrote:
> Hi Maxim
> For specific needs, if i don't add the ssl_crl directive to my ssl
> configuration, would nginx just don't check anything or would it issue a
> live query on the url indicated as a crl distribution point in the client
> certificate, introducing high latency ...?
> In other words, how to completely disable.crl checking on client
> authentication ?
CRL checking is only enabled when you explicitly load a CRL using
the ssl_crl directive. That is, CRL checking is disabled by
default, you don't need to do anything to disable it.
More information about the nginx