Efficient CRL checking at Nginx

Maxim Dounin mdounin at mdounin.ru
Tue Mar 7 13:36:18 UTC 2017


On Tue, Mar 07, 2017 at 08:18:02AM -0500, alweiss wrote:

> Hi Maxim
> For specific needs, if i don't add the ssl_crl directive to my ssl
> configuration, would nginx just don't check anything or would it issue a
> live query on the url indicated as a crl distribution point in the client
> certificate, introducing high latency ...?
> In other words, how to completely disable.crl checking on client
> authentication ?

CRL checking is only enabled when you explicitly load a CRL using 
the ssl_crl directive.  That is, CRL checking is disabled by 
default, you don't need to do anything to disable it.

Maxim Dounin

More information about the nginx mailing list