search

mozilla / ssl-config-generator

Mozilla SSL Configuration Generator
https://ssl-config.mozilla.org/
Mozilla Public License 2.0
358 stars 59 forks source link

Invalid value for ProFTPD 1.3.6 "TLSStaplingCache" directive #100

Closed eomanis closed 8 months ago

eomanis commented 4 years ago

Currently generated:

# requires mod_tls_shmcache
TLSStapling                   on
TLSStaplingCache              "shmcb:logs/ssl_stapling(32768)"

The mod_tls_shmcache module of ProFTPD 1.3.6c does not recognize this value for TLSStaplingCache.

A valid value would e.g. be

TLSStaplingCache              shm:/file=/tmp/proftpd/ocsp_cache

The specified file appears to be used as mutex.

Also, mod_tls_shmcache is not required for TLSStapling on; the comment should be above the TLSStaplingCache directive only.

(mod_tls_shmcache extends mod_tls' functionality so it can use shm:... as values for TLSStaplingCache and TLSSessionCache.)

gene1wood commented 8 months ago

@eomanis Thanks for reporting this. I appreciate it. Fixed in #223 and deployed.