ssl_ocsp_cache

The `ssl_ocsp_cache` directive configures the caching behavior of OCSP (Online Certificate Status Protocol) responses in NGINX.

Syntax: `ssl_ocsp_cache zone;`
Default: none
Context: http, server
Arguments: 1

Description

The `ssl_ocsp_cache` directive allows you to specify the caching mechanism for OCSP responses in NGINX. When an OCSP response is received, it can be stored in a cache to reduce the number of requests being sent to the OCSP server, subsequently enhancing performance and reliability. The directive must be set at either the `http` or `server` context and requires one argument that defines the caching behavior and duration.

The argument specifies the caching parameters in a format that indicates how long the OCSP responses should be kept in cache. Once this duration expires, the response will be considered stale, and a new request to the OCSP server will be initiated to verify the certificate's revocation status. This is crucial for ensuring that your application has up-to-date status information about the SSL/TLS certificates in use. Properly configuring this directive can significantly improve SSL performance in high-load environments while minimizing the overhead associated with frequent OCSP requests.

It is important to monitor the cache size to ensure it aligns with your server's memory capabilities, as an improperly configured cache can lead to increased latency or memory resource constraints.

Config Example

ssl_ocsp_cache shared:ocsp_cache:10m;

The cache zone must be defined before using this directive; otherwise, it will not work correctly.

If caching is not enabled or the cache size is too small, it may result in excessive OCSP requests, potentially affecting performance.
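The directive in context, as an added example that is not part of the original page: the cache is only consulted when OCSP validation of client certificates is switched on with `ssl_ocsp`, which in turn needs `ssl_verify_client` and a `resolver` (all standard `ngx_http_ssl_module` / core directives). Hostnames, file paths, the `ocsp_admin` zone name and the resolver address are constructed placeholders.

```nginx
# Fragment of nginx.conf (http block only). All names, paths and addresses
# below are constructed placeholders for illustration.
http {
    # http context: one shared-memory zone, inherited by every server block
    # that does not set its own ssl_ocsp_cache.
    ssl_ocsp_cache shared:ocsp_cache:10m;

    # NGINX must be able to resolve the OCSP responder's hostname.
    resolver 192.0.2.53;

    server {
        listen 443 ssl;
        server_name app.example.com;

        ssl_certificate     /etc/nginx/tls/app.crt;
        ssl_certificate_key /etc/nginx/tls/app.key;

        # Client-certificate authentication: these are the certificates
        # whose revocation status is checked and cached.
        ssl_client_certificate /etc/nginx/tls/client-ca.crt;
        ssl_verify_client on;

        # Enable OCSP validation of the client certificate chain.
        # Results are stored in the inherited ocsp_cache zone.
        ssl_ocsp on;
    }

    server {
        listen 443 ssl;
        server_name admin.example.com;

        ssl_certificate     /etc/nginx/tls/admin.crt;
        ssl_certificate_key /etc/nginx/tls/admin.key;

        ssl_client_certificate /etc/nginx/tls/admin-ca.crt;
        ssl_verify_client on;

        # Validate only the leaf client certificate for this host.
        ssl_ocsp leaf;

        # server context: a separate, smaller zone overrides the
        # http-level setting for this virtual server only.
        ssl_ocsp_cache shared:ocsp_admin:1m;
    }
}
```

Run `nginx -t` after editing to confirm the configuration parses before reloading.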
