Considering your rather old version of nginx coming from Ubuntu packages, I suggest you use the lastest stable, officially available on nginx.org <https://nginx.org/en/linux_packages.html#stable>.
Not related to your issue, but should not hurt (except with regressions ofc ;) ). --- *B. R.* On Thu, Sep 29, 2016 at 3:17 PM, hotwirez <[email protected]> wrote: > Maxim Dounin Wrote: > ------------------------------------------------------- > > Hello! > > > > On Wed, Sep 28, 2016 at 12:44:45PM -0400, hotwirez wrote: > > > > [...] > > > > > I wanted to mention that I've run into this issue as well when > > trying to > > > enable OCSP stapling, where I have a default_deny SSL server that > > has a > > > self-signed certificate where I don't want to use OCSP stapling, and > > other > > > actual server entries for actual sites where I want OCSP stapling > > enabled. > > > If I enable stapling for only the real sites, it appears to be > > silently > > > disabled. If I enable it for all server instances, it notices that > > the > > > default server uses a self-signed certificate and disables stapling. > > If I > > > remove the default server, OCSP stapling works for the remaining > > sites, but > > > then accessing the site using a means other than the correct server > > name > > > provides the SSL certificate for one of the servers. > > > > Problems with OCSP stapling if it is disabled in the default > > server{} block were traced to be an OpenSSL bug, silently fixed in > > 1.0.0m/1.0.1g/1.0.2. See here for details: > > > > https://trac.nginx.org/nginx/ticket/810 > > > > If you see the problem it means you have to update the OpenSSL > > library you are using. > > > Thank you; it's great you tracked that down! I am on OpenSSL 1.0.1f and > Nginx 1.4.6; (Ubuntu 14.04 via apt), so that makes sense. I'll upgrade. > > Thanks again! > > Posted at Nginx Forum: https://forum.nginx.org/read. > php?2,257833,269955#msg-269955 > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
