From 363914c3f79eaf81e3798129edef430b3e07fbc5 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Tue, 31 Mar 2015 23:31:24 +0900
Subject: [PATCH] Mention OCSP stapling in doc

---
 README.rst      |  9 ++++++++-
 doc/nghttpx.h2r | 11 +++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/README.rst b/README.rst
index 690cd0be..3dee09b4 100644
--- a/README.rst
+++ b/README.rst
@@ -460,7 +460,14 @@ nghttpx - proxy
 
 ``nghttpx`` is a multi-threaded reverse proxy for ``h2-14``, SPDY and
 HTTP/1.1, and powers http://nghttp2.org and supports HTTP/2 server push.
-It has several operational modes:
+
+``nghttpx`` implements `important performance-oriented features
+<https://istlsfastyet.com/#server-performance>`_ in TLS, such as
+session IDs, session tickets (with automatic key rotation), OCSP
+stapling, dynamic record sizing, ALPN/NPN, forward secrecy and SPDY &
+HTTP/2.
+
+``nghttpx`` has several operational modes:
 
 ================== ============================ ============== =============
 Mode option        Frontend                     Backend        Note
diff --git a/doc/nghttpx.h2r b/doc/nghttpx.h2r
index c0a05d7b..9f3cf66b 100644
--- a/doc/nghttpx.h2r
+++ b/doc/nghttpx.h2r
@@ -84,6 +84,17 @@ deletes it.  However, if SIGUSR2 is used to execute new binary and
 both old and new configurations use same filename, new binary does not
 delete the socket and continues to use it.
 
+OCSP STAPLING
+-------------
+
+OCSP query is done using external perl script ``fetch-ocsp-response``,
+which has been developed as part of h2o project
+(https://github.com/h2o/h2o).
+
+The script file is usually installed under
+``$(prefix)/share/nghttp2/`` directory.  The actual path to script can
+be customized using :option:`--fetch-ocsp-response-file` option.
+
 SEE ALSO
 --------