- nbthread
- node
- numa-cpu-mapping
+ - ocsp-update.maxdelay
+ - ocsp-update.mindelay
- ocsp-update.httpproxy
- ocsp-update.mode
- pidfile
- tune.ssl.lifetime
- tune.ssl.maxrecord
- tune.ssl.ssl-ctx-cache-size
- - tune.ssl.ocsp-update.maxdelay
- - tune.ssl.ocsp-update.mindelay
+ - tune.ssl.ocsp-update.maxdelay (deprecated)
+ - tune.ssl.ocsp-update.mindelay (deprecated)
- tune.vars.global-max-size
- tune.vars.proc-max-size
- tune.vars.reqres-max-size
already specified, for example via the 'cpu-map' directive or the taskset
utility.
-
ocsp-update.httpproxy <address>[:port]
Allow to use an HTTP proxy for the OCSP updates. This only works with HTTP,
HTTPS is not supported. This option will allow the OCSP updater to send
absolute URI in the request to the proxy.
+ocsp-update.maxdelay <number>
+tune.ssl.ocsp-update.maxdelay <number> (deprecated)
+ Sets the maximum interval between two automatic updates of the same OCSP
+ response. This time is expressed in seconds and defaults to 3600 (1 hour). It
+ must be set to a higher value than "ocsp-update.mindelay". See
+ option "ocsp-update" for more information about the auto update mechanism.
+
+ocsp-update.mindelay <number>
+tune.ssl.ocsp-update.mindelay <number> (deprecated)
+ Sets the minimum interval between two automatic updates of the same OCSP
+ response. This time is expressed in seconds and defaults to 300 (5 minutes).
+ It is particularly useful for OCSP response that do not have explicit
+ expiration times. It must be set to a lower value than
+ "ocsp-update.maxdelay". See option "ocsp-update" for more
+ information about the auto update mechanism.
+
ocsp-update.mode [ on | off ]
Sets the default ocsp-update mode for all certificates used in the
configuration. This global option can be superseded by the crt-list
dynamically is expensive, they are cached. The default cache size is set to
1000 entries.
-tune.ssl.ocsp-update.maxdelay <number>
- Sets the maximum interval between two automatic updates of the same OCSP
- response. This time is expressed in seconds and defaults to 3600 (1 hour). It
- must be set to a higher value than "tune.ssl.ocsp-update.mindelay". See
- option "ocsp-update" for more information about the auto update mechanism.
-
-tune.ssl.ocsp-update.mindelay <number>
- Sets the minimum interval between two automatic updates of the same OCSP
- response. This time is expressed in seconds and defaults to 300 (5 minutes).
- It is particularly useful for OCSP response that do not have explicit
- expiration times. It must be set to a lower value than
- "tune.ssl.ocsp-update.maxdelay". See option "ocsp-update" for more
- information about the auto update mechanism.
-
tune.stick-counters <number>
Sets the number of stick-counters that may be tracked at the same time by a
connection or a request via "track-sc*" actions in "tcp-request" or
static struct cfg_kw_list cfg_kws = {ILH, {
#ifndef OPENSSL_NO_OCSP
{ CFG_GLOBAL, "tune.ssl.ocsp-update.maxdelay", ssl_parse_global_ocsp_maxdelay },
+ { CFG_GLOBAL, "ocsp-update.maxdelay", ssl_parse_global_ocsp_maxdelay },
{ CFG_GLOBAL, "tune.ssl.ocsp-update.mindelay", ssl_parse_global_ocsp_mindelay },
+ { CFG_GLOBAL, "ocsp-update.mindelay", ssl_parse_global_ocsp_mindelay },
{ CFG_GLOBAL, "ocsp-update.mode", ssl_parse_global_ocsp_update_mode },
{ CFG_GLOBAL, "ocsp-update.httpproxy", ocsp_update_parse_global_http_proxy },
#endif