Dr Stephen Henson wrote: > On 10/03/2014 10:22, Plüm, Rüdiger, Vodafone Group wrote: >> Reading the trunk documentation it seems possible to turn off SSL session >> tickets via >> >> SSLOpenSSLConfCmd Options -SessionTicket >> >> I assume there are no other options doing so on 2.2.x and 2.4.x, correct? >> > > A quick grep for the SSL_OP_NO_TICKET flag (which disables tickets) in mod_ssl > came up empty so yes that is the only way. That should also work with 2.4.x > but > in both cases it requires OpenSSL 1.0.2.
In case someone is interested: I created a patch for 2.2.x that introduces SSLNoTickets: http://people.apache.org/~rpluem/patches/no_ssl_ticket_2.2.x.diff By default tickets remain on. Regards Rüdiger
