[PATCH] Follow OpenSSL's switch from AES128 to AES256 for session tickets

Christian Klinger c.klinger at lirum.at
Sun Nov 6 21:53:10 UTC 2016


On Sat, Nov 05, 2016 at 07:07:23PM -0700, Piotr Sikora wrote:
> Also, considering that recent versions of OpenSSL use AES256 by
> default (i.e. when keys are not provided using
> "ssl_session_ticket_key" directive), we shouldn't provide a way lower
> the security of Session Tickets.

If backward compatibility isn't a thing, the patch gets a bit simpler.
All the better. Let me send and updated variant.

Best regards,

More information about the nginx-devel mailing list