-
Joshua Tauberer authored
* Set ssl_stapling_verify to off per https://sslmate.com/blog/post/ocsp_stapling_in_apache_and_nginx ('on' has no security benefits). * Set resolver to 127.0.0.1, instead of Google Public DNS, because we might as well use our local nameserver anyway. * Remove the commented line which per the link above would never be necessary anyway. OCSP seems to work just fine after these changes.
47de9396