opinions about Session tickets

Arnaud Van der Vorst sbxara at icloud.com
Tue Apr 12 06:32:13 UTC 2016


Good morning,

@Andreas
Thank you for sharing these documents.
I had already read the one from Tim Taubert and had the same concern about
using TLS/SSL Tickets.
Is it a good thing or not?

-----Original Message-----
From: nginx [mailto:nginx-bounces at nginx.org] On Behalf Of A. Schulze
Sent: Monday, 11 April 2016 17:17
To: nginx at nginx.org
Subject: opinions about Session tickets


Maxim Dounin:

> In nginx 1.5.9 the "ssl_session_tickets" directive was added, which 
> makes it possible to disable session tickets when needed.

I found these two opinions. They suggest disabling session tickets.

  - https://www.farsightsecurity.com/Blog/20151202-thall-hardening-dh-and-ecc/
  - https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/

What do others think about that?
Andreas

