Maxim Dounin:
In nginx 1.5.9 the "ssl_session_tickets" directive was added,
which makes it possible to disable session tickets when needed.
I found these two opinions. They suggest to disable session tickets.
- https://www.farsightsecurity.com/Blog/20151202-thall-hardening-dh-and-ecc/
-
https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/
what do others think about that?
Andreas
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
