From 60763d69b1634808e9a7f58e479607f37d73f0db Mon Sep 17 00:00:00 2001
From: Jimmy Zelinskie <jimmy.zelinskie@coreos.com>
Date: Wed, 20 May 2015 16:32:12 -0400
Subject: [PATCH] nginx: support OCSP Stapling

---
 conf/nginx.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 9e3aead80..f04ed663c 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -16,6 +16,8 @@ http {
         ssl on;
         ssl_certificate ./stack/ssl.cert;
         ssl_certificate_key ./stack/ssl.key;
+        ssl_stapling on;
+        ssl_stapling_verify on;
         ssl_session_timeout 5m;
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
@@ -32,6 +34,8 @@ http {
         ssl on;
         ssl_certificate ./stack/ssl.cert;
         ssl_certificate_key ./stack/ssl.key;
+        ssl_stapling on;
+        ssl_stapling_verify on;
         ssl_session_timeout 5m;
         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
         ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;