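1、首先科普一下什么是 OCSP stapling：
OCSP stapling（OCSP 装订）是指由服务器自己向 CA 的 OCSP 响应器获取带签名的证书状态响应，并在 TLS 握手时随证书一并发给客户端；客户端不必再单独向 CA 查询证书是否被吊销，握手更快，也不会把访问记录暴露给 CA。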
2、 Nginx开启OCSP stapling配置:
server
{
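# Accept plain HTTP on port 80 and TLS with HTTP/2 on port 443.
listen 80;
listen 443 ssl http2;
# The terminating semicolon matters: without it nginx reads on to the next
# ";" and folds the words of the following directive ("index", "index.html",
# ...) into the server_name list, so the index directive is silently lost.
server_name oyhdo.com;
# Files tried, in order, when a request maps to a directory.
index index.html index.php index.htm default.php default.htm default.html;
# Document root for this virtual host.
root /www/wwwroot/oyhdo.com/public;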
# Send any request that did not arrive on port 443 to the same path over
# HTTPS with a permanent (301) redirect.
# NOTE(review): "!~ 443" is an unanchored regex match, so a port such as 8443
# would also be treated as 443; only 80 and 443 are listened on in the visible lines.
# NOTE(review): $host can be taken from the client's Host header. If this is
# the default server for the socket, the redirect target is client-controlled;
# confirm, or redirect to the fixed server name instead.
if ($server_port !~ 443){
rewrite ^(/.*)$ https://$host$1 permanent;
}
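# Certificate chain and private key presented for this virtual host.
ssl_certificate /www/server/panel/vhost/cert/oyhdo.com/fullchain.pem;
# NOTE(review): this path has no "cert/" segment, unlike ssl_certificate
# above. Confirm it is the real key location. The key file should be readable
# only by the account that starts the nginx master process.
ssl_certificate_key /www/server/panel/vhost/oyhdo.com/privkey.pem;
# TLSv1.1 dropped from the original list: TLS 1.0/1.1 are formally
# deprecated (RFC 8996) and current browsers no longer negotiate them.
ssl_protocols TLSv1.2 TLSv1.3;
# Cipher preference for TLS 1.2; TLS 1.3 suites are not selected by this list.
# Prefers ECDHE-RSA with AES-128-GCM, then anything OpenSSL classes as HIGH,
# excluding anonymous, MD5, RC4 and finite-field DHE suites.
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
# Session cache shared between worker processes (10 MB); cached sessions
# can be resumed for up to 10 minutes.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# 497 is nginx's code for a plain-HTTP request sent to the TLS port;
# answer it with a redirect to the HTTPS URL.
error_page 497 https://$host$request_uri;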
# OCSP stapling: nginx obtains the signed OCSP response for its own
# certificate and sends it to clients inside the TLS handshake.
ssl_stapling on;
# Verify the OCSP response received from the responder before stapling it.
# NOTE(review): verification needs the issuer, intermediate and root
# certificates to be trusted via ssl_trusted_certificate, and nginx needs a
# `resolver` to look up the OCSP responder's host name. Neither appears in the
# lines shown here; confirm both are set in the rest of this server block,
# otherwise stapling silently does nothing (check the error log).
ssl_stapling_verify on;