tls_certificate = CDIR/server1.example.com/server1.example.com.chain.pem
tls_privatekey = CDIR/server1.example.com/server1.example.com.unlocked.key
-tls_ocsp_file = CDIR/server1.example.com/server1.example.com.ocsp.good.resp
tls_require_ciphers = OPTION
tls_resumption_hosts = 127.0.0.1
logwrite = peer cert subject\t${certextract {subject}{$tls_in_peercert}}
logwrite = peer cert verified\t${tls_in_certificate_verified}
logwrite = peer dn\t${tls_in_peerdn}
- logwrite = ocsp\t${tls_in_ocsp}
logwrite = cipher\t${tls_in_cipher}
logwrite = bits\t${tls_in_bits}
accept
logwrite = peer cert subject\t${certextract {subject}{$tls_out_peercert}}
logwrite = peer cert verified\t${tls_out_certificate_verified}
logwrite = peer dn\t${tls_out_peerdn}
- logwrite = ocsp\t${tls_out_ocsp}
logwrite = cipher\t${tls_out_cipher}
logwrite = bits\t${tls_out_bits}
allow_localhost
hosts = HOSTIPV4
port = PORT_D
+ hosts_try_fastopen = :
tls_verify_certificates = CDIR/CA/CA.pem
tls_verify_cert_hostnames = :
event_action = ${acl {log_resumption}}