Mention OCSP stapling in doc

363914c3 · Tatsuhiro Tsujikawa · 1316065c · 363914c3 · 363914c3
Commit 363914c3 authored Mar 31, 2015 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 1 deletion

README.rst README.rst +8 -1

doc/nghttpx.h2r doc/nghttpx.h2r +11 -0

No files found.
--- a/README.rst
+++ b/README.rst
@@ -460,7 +460,14 @@ nghttpx - proxy

 ``nghttpx`` is a multi-threaded reverse proxy for ``h2-14``, SPDY and
 HTTP/1.1, and powers http://nghttp2.org and supports HTTP/2 server push.
-It has several operational modes:
+
+``nghttpx`` implements `important performance-oriented features
+<https://istlsfastyet.com/#server-performance>`_ in TLS, such as
+session IDs, session tickets (with automatic key rotation), OCSP
+stapling, dynamic record sizing, ALPN/NPN, forward secrecy and SPDY &
+HTTP/2.
+
+``nghttpx`` has several operational modes:

 ================== ============================ ============== =============
 Mode option        Frontend                     Backend        Note

--- a/doc/nghttpx.h2r
+++ b/doc/nghttpx.h2r
@@ -84,6 +84,17 @@ deletes it.  However, if SIGUSR2 is used to execute new binary and
 both old and new configurations use same filename, new binary does not
 delete the socket and continues to use it.

+OCSP STAPLING
+-------------
+
+OCSP query is done using external perl script ``fetch-ocsp-response``,
+which has been developed as part of h2o project
+(https://github.com/h2o/h2o).
+
+The script file is usually installed under
+``$(prefix)/share/nghttp2/`` directory.  The actual path to script can
+be customized using :option:`--fetch-ocsp-response-file` option.
+
 SEE ALSO
 --------