Good morning, @Andreas Thank you for sharing these documents. I had already read the one from Tim Taubert and had the same concern about using TLS/SSL Tickets. Is it a good thing or not?
-----Original Message----- From: nginx [mailto:[email protected]] On Behalf Of A. Schulze Sent: lundi 11 avril 2016 17:17 To: [email protected] Subject: opinions about Session tickets Maxim Dounin: > In nginx 1.5.9 the "ssl_session_tickets" directive was added, which > makes it possible to disable session tickets when needed. I found these two opinions. They suggest to disable session tickets. - https://www.farsightsecurity.com/Blog/20151202-thall-hardening-dh-and-ecc/ - https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session- resumption-implementations/ what do others think about that? Andreas _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
