From 2a7c018dc9d9bf0620fe9f8b56bc36d0ee648877 Mon Sep 17 00:00:00 2001
From: Peter Dave Hello
Date: Wed, 2 Dec 2020 15:14:28 +0800
Subject: [PATCH] Enable Apache OCSP stapling (#569)
This will speed up the website loading, and make the website more reliable to the users when the client fails to connect to the CA for an OCSP response.
Reference:
- https://en.wikipedia.org/wiki/OCSP_stapling
---
 containers/webserver/httpd-ssl.conf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/containers/webserver/httpd-ssl.conf b/containers/webserver/httpd-ssl.conf
index 6407263..4a11d34 100644
--- a/containers/webserver/httpd-ssl.conf
+++ b/containers/webserver/httpd-ssl.conf
@@ -100,19 +100,19 @@ SSLSessionCacheTimeout 300
 # How-To for more information.
 #
 # Enable stapling for all SSL-enabled servers:
-#SSLUseStapling On
+SSLUseStapling On
 # Define a relatively small cache for OCSP Stapling using
 # the same mechanism that is used for the SSL session cache
 # above. If stapling is used with more than a few certificates,
 # the size may need to be increased. (AH01929 will be logged.)
-#SSLStaplingCache "shmcb:/usr/local/apache2/logs/ssl_stapling(32768)"
+SSLStaplingCache "shmcb:/usr/local/apache2/logs/ssl_stapling(32768)"
 # Seconds before valid OCSP responses are expired from the cache
-#SSLStaplingStandardCacheTimeout 3600
+SSLStaplingStandardCacheTimeout 3600
 # Seconds before invalid OCSP responses are expired from the cache
-#SSLStaplingErrorCacheTimeout 600
+SSLStaplingErrorCacheTimeout 600
 Protocols h2 h2c http/1.1
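Review bot: With only these four directives uncommented, mod_ssl keeps its defaults for responder failures, so when the container cannot reach the CA's OCSP responder the server may staple an error or synthesized "tryLater" response instead of omitting the staple, and some clients treat that as a failed connection. Adding `SSLStaplingReturnResponderErrors off` (and optionally a bounded `SSLStaplingResponderTimeout 5`) next to `SSLStaplingErrorCacheTimeout 600` would keep a responder outage from being passed on to visitors for the ten-minute error-cache window. Stapling also depends on the container having outbound access to the responder and on the configured certificate chain including the issuer; neither is visible in this hunk, so it is worth confirming after deploy with `openssl s_client -connect <site-host>:443 -status` (placeholder host) that a good response is actually stapled.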