Original link: https://blog.star7th.com/2022/05/2453.html
In some cases, iphone users accessing our (webmaster) https website will be slow, stuck or even unresponsive. If the user network problem and the website service itself are ruled out, it is likely to be related to the https certificate.
By default, when the client accesses the https site, it will try to check the validity of the certificate from the OCSP server. Because the server of Let’s Encrypt OCSP is abroad, it takes too long to check the validity of the certificate. In this case, we can consider turning on the server OCSP Stapling to speed up the speed, which means that the client does not check the validity, but the server checks.
The following is an example of nginx configuration OCSP Stapling.
server { listen 443 ssl ; ssl_certificate /root/star7th.com/fullchain.cer; ssl_certificate_key /root/star7th.com/star7th.com.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; # 开启OCSP Stapling ---当客户端访问时NginX 将去指定的证书中查找OCSP 服务的地址, ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 202.96.134.133 valid=300s; resolver_timeout 2s; ssl_trusted_certificate /root/star7th.com/fullchain.cer; ssl_session_cache shared:SSL:50m; ssl_session_timeout 180m; server_name blog.star7th.com; root /www/; index index.html index.php index.htm; charset utf8; # 编码}
This article is reprinted from: https://blog.star7th.com/2022/05/2453.html
This site is for inclusion only, and the copyright belongs to the original author.