security.acme.defaults.ocspMustStaple

Turns on the OCSP Must-Staple TLS extension. Make sure you know what you're doing! See:

• https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/
• https://blog.hboeck.de/archives/886-The-Problem-with-OCSP-Stapling-and-Must-Staple-and-why-Certificate-Revocation-is-still-broken.html

Type

boolean

Default

false

Declared

<nixpkgs/nixos/modules/security/acme>