From 287d1545329943bf09d5126c6bb67506e2455338 Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@debianiste.org>
Date: Fri, 15 Jan 2016 12:13:15 +0100
Subject: [PATCH] SSL strapling on Nginx >= 1.3.7

---
 templates/etc/nginx/helper/ssl-legacy.j2 | 2 ++
 templates/etc/nginx/helper/ssl-strong.j2 | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/templates/etc/nginx/helper/ssl-legacy.j2 b/templates/etc/nginx/helper/ssl-legacy.j2
index e132e28..6033d98 100644
--- a/templates/etc/nginx/helper/ssl-legacy.j2
+++ b/templates/etc/nginx/helper/ssl-legacy.j2
@@ -9,8 +9,10 @@ ssl_session_cache shared:SSL:10m;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
+{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
 ssl_stapling on;
 ssl_stapling_verify on;
+{% endif %}
 resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
 resolver_timeout {{ nginx_resolver_timeout }};
 ssl_dhparam {{ nginx_dh_path }};
diff --git a/templates/etc/nginx/helper/ssl-strong.j2 b/templates/etc/nginx/helper/ssl-strong.j2
index 1c3a8fe..4c985db 100644
--- a/templates/etc/nginx/helper/ssl-strong.j2
+++ b/templates/etc/nginx/helper/ssl-strong.j2
@@ -9,8 +9,10 @@ ssl_session_cache shared:SSL:10m;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
+{% if nginx_version.stdout | version_compare('1.3.7', 'ge') %}
 ssl_stapling on;
 ssl_stapling_verify on;
+{% endif %}
 resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
 resolver_timeout {{ nginx_resolver_timeout }};
 ssl_dhparam {{ nginx_dh_path }};