From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 1 Jun 2015 07:10:52 +0000 (+0200)
Subject: Enable OCSP stapling on jessie
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=6b5309cf417a7c629ae1a44c9420fe686804b626;hp=675120593a8226126e9b4cd2d2d28397fd15354f;p=dsa-puppet.git

Enable OCSP stapling on jessie
---

diff --git a/modules/apache2/templates/puppet-config.erb b/modules/apache2/templates/puppet-config.erb
index fca5a8b4..5aa2c11f 100644
--- a/modules/apache2/templates/puppet-config.erb
+++ b/modules/apache2/templates/puppet-config.erb
@@ -8,5 +8,8 @@
     SSLCipherSuite ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!RC4:!SEED:!DSS
   <% else -%>
     SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!RC4:!SEED:!DSS
+
+    SSLUseStapling On
+    SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_stapling(32768)
   <% end -%>
 </IfModule>