From 32ecd49c75ea41bb9b51538e78145994e7f5a829 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Mon, 30 Oct 2017 20:14:37 +0100
Subject: [PATCH] Disable OCSP stapling on the default vhost

It can't work since we don't run an OCSP responder.
---
 modules/apache2/templates/default-debian.org-ssl.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/modules/apache2/templates/default-debian.org-ssl.erb b/modules/apache2/templates/default-debian.org-ssl.erb
index 081eb4227..a6fcaa280 100644
--- a/modules/apache2/templates/default-debian.org-ssl.erb
+++ b/modules/apache2/templates/default-debian.org-ssl.erb
@@ -10,6 +10,7 @@
 	SSLCertificateFile     /etc/ssl/debian/certs/thishost-server.crt
 	SSLCertificateKeyFile  /etc/ssl/private/thishost-server.key
 	SSLCertificateChainFile /etc/ssl/debian/certs/ca.crt
+	SSLUseStapling off
 
 	ErrorLog /var/log/apache2/error.log
 	CustomLog /var/log/apache2/access.log privacy
-- 
2.20.1