Mention OCSP stapling in doc

This commit is contained in:
Tatsuhiro Tsujikawa 2015-03-31 23:31:24 +09:00
parent 1316065c14
commit 363914c3f7
2 changed files with 19 additions and 1 deletions

View File

@ -460,7 +460,14 @@ nghttpx - proxy
``nghttpx`` is a multi-threaded reverse proxy for ``h2-14``, SPDY and ``nghttpx`` is a multi-threaded reverse proxy for ``h2-14``, SPDY and
HTTP/1.1, and powers http://nghttp2.org and supports HTTP/2 server push. HTTP/1.1, and powers http://nghttp2.org and supports HTTP/2 server push.
It has several operational modes:
``nghttpx`` implements `important performance-oriented features
<https://istlsfastyet.com/#server-performance>`_ in TLS, such as
session IDs, session tickets (with automatic key rotation), OCSP
stapling, dynamic record sizing, ALPN/NPN, forward secrecy and SPDY &
HTTP/2.
``nghttpx`` has several operational modes:
================== ============================ ============== ============= ================== ============================ ============== =============
Mode option Frontend Backend Note Mode option Frontend Backend Note

View File

@ -84,6 +84,17 @@ deletes it. However, if SIGUSR2 is used to execute new binary and
both old and new configurations use same filename, new binary does not both old and new configurations use same filename, new binary does not
delete the socket and continues to use it. delete the socket and continues to use it.
OCSP STAPLING
-------------
OCSP query is done using external perl script ``fetch-ocsp-response``,
which has been developed as part of h2o project
(https://github.com/h2o/h2o).
The script file is usually installed under
``$(prefix)/share/nghttp2/`` directory. The actual path to script can
be customized using :option:`--fetch-ocsp-response-file` option.
SEE ALSO SEE ALSO
-------- --------