From 72f9509a5e1b104c87fbf93a378778a5b5888640 Mon Sep 17 00:00:00 2001
From: AD7six
Date: Mon, 28 Jul 2014 14:42:35 +0000
Subject: [PATCH] disable ssl_session_tickets it's only recently added so is a config error otherwise
---
 h5bp/directive-only/ssl.conf | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/h5bp/directive-only/ssl.conf b/h5bp/directive-only/ssl.conf
index 5df06a9..819ff40 100644
--- a/h5bp/directive-only/ssl.conf
+++ b/h5bp/directive-only/ssl.conf
@@ -13,6 +13,8 @@ ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
 ssl_session_timeout 10m;
 
+# Session tickets appeared in version 1.5.9
+#
 # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
 # when a restart is performed the previous key is lost, which resets all previous
 # sessions. The fix for this is to setup a manual rotation mechanism:
@@ -20,7 +22,7 @@ ssl_session_timeout 10m;
 #
 # Note that you'll have to define and rotate the keys securely by yourself. In absence
 # of such infrastructure, consider turning off session tickets:
-ssl_session_tickets off;
+#ssl_session_tickets off;
 
 # Use a higher keepalive timeout to reduce the need for repeated handshakes
 keepalive_timeout 300; # up from 75 secs default
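Review bot: Commenting out `ssl_session_tickets off;` in the second hunk leaves session tickets at nginx's default of `on` for every version that accepts the directive, so the hardening recommended by the comment directly above it is silently dropped for those users. With tickets on and no key rotation in place, the ticket key lives as long as the worker processes, which weakens forward secrecy for recorded TLS sessions. The text still ends with "consider turning off session tickets:" followed by a disabled line, with nothing saying why it is disabled or when to enable it. I would add a line above the directive such as `# Left commented out because nginx < 1.5.9 rejects this directive; uncomment it on 1.5.9 or later unless you rotate ticket keys yourself.` Ideally the version note added in the first hunk would also state that the default on supporting versions is `on`.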