[root@localhost:~]$ cat /etc/trafficserver/ssl_multicert.config
ssl_cert_name=thelounge.net.pem ssl_ca_name=godaddy_ca_sha256.crt ssl_ticket_enabled=0

https://www.ssllabs.com/ssltest/
Session resumption (caching)    Yes
Session resumption (tickets)    Yes
SSL 2 handshake compatibility   No

(the SSL 2 handshake compatibility needs to be fixed too for some clients like "ab", the Apache benchmark tool)
_______________________________

today's release of httpd introduces an option for that and its description says for me "no i do not want to restart services daily"
with Off https://www.ssllabs.com/ssltest/ says correctly

Session resumption (caching)    Yes
Session resumption (tickets)    No

mod_ssl: New directive SSLSessionTickets (On|Off). The directive controls the use of TLS session tickets (RFC 5077), default value is "On" (unchanged behavior). Session ticket creation uses a random key created during web server startup and recreated during restarts. No other key recreation mechanism is available currently. Therefore using session tickets without restarting the web server with an appropriate frequency (e.g. daily) compromises perfect forward secrecy. [Rainer Jung]
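A small audit for the two settings discussed in the message above, as an added example that is not part of the original post: it flags ssl_multicert.config entries and httpd configs that leave RFC 5077 session tickets on. The sample configs are constructed; treating a missing ssl_ticket_enabled as enabled is an assumption about Traffic Server's default, and the httpd check takes the last SSLSessionTickets line in the file and ignores per-vhost scope.

```python
import re

# Constructed sample configs (not taken from a real server).
ATS_SAMPLE = """\
# ssl_multicert.config
ssl_cert_name=a.example.pem ssl_ca_name=ca.crt ssl_ticket_enabled=0
dest_ip=* ssl_cert_name=b.example.pem
"""
HTTPD_SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    # SSLSessionTickets Off
</VirtualHost>
"""


def audit_ats(text):
    """Return (line_no, cert_name) for entries that leave session tickets on."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        opts = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        # Assumption: tickets stay enabled unless ssl_ticket_enabled=0 is given.
        if opts.get("ssl_ticket_enabled", "1") != "0":
            findings.append((no, opts.get("ssl_cert_name", "?")))
    return findings


def httpd_tickets_on(text):
    """Return True if tickets are effectively on (default "On" per the changelog)."""
    state = "on"
    for line in text.splitlines():
        # A commented-out directive does not match, so the default still applies.
        m = re.match(r"\s*SSLSessionTickets\s+(\S+)", line, re.IGNORECASE)
        if m:
            state = m.group(1).lower()
    return state != "off"


if __name__ == "__main__":
    for no, cert in audit_ats(ATS_SAMPLE):
        print(f"ssl_multicert.config line {no}: tickets on for {cert}")
    if httpd_tickets_on(HTTPD_SAMPLE):
        print("httpd: SSLSessionTickets is On; ticket key lives until restart")
```
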
