gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

disable ssl_session_tickets 

it's only recently added so is a config error otherwise
This commit is contained in:
AD7six 2014-07-28 14:42:35 +00:00
parent 7295a765ee
commit 72f9509a5e
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
h5bp/directive-only/ssl.conf
View File

@ -13,6 +13,8 @@ ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
ssl_session_timeout 10m; ssl_session_timeout 10m;
# Session tickets appeared in version 1.5.9
#
# nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
# when a restart is performed the previous key is lost, which resets all previous # when a restart is performed the previous key is lost, which resets all previous
# sessions. The fix for this is to setup a manual rotation mechanism: # sessions. The fix for this is to setup a manual rotation mechanism:
@ -20,7 +22,7 @@ ssl_session_timeout 10m;
# #
# Note that you'll have to define and rotate the keys securely by yourself. In absence # Note that you'll have to define and rotate the keys securely by yourself. In absence
# of such infrastructure, consider turning off session tickets: # of such infrastructure, consider turning off session tickets:
ssl_session_tickets off; #ssl_session_tickets off;
# Use a higher keepalive timeout to reduce the need for repeated handshakes # Use a higher keepalive timeout to reduce the need for repeated handshakes
keepalive_timeout 300; # up from 75 secs default keepalive_timeout 300; # up from 75 secs default