[PATCH] Follow OpenSSL's switch from AES128 to AES256 for session tickets
Christian Klinger
c.klinger at lirum.at
Sun Nov 6 21:53:10 UTC 2016
Hi,
On Sat, Nov 05, 2016 at 07:07:23PM -0700, Piotr Sikora wrote:
> Also, considering that recent versions of OpenSSL use AES256 by
> default (i.e. when keys are not provided using
> "ssl_session_ticket_key" directive), we shouldn't provide a way lower
> the security of Session Tickets.
If backward compatibility isn't a thing, the patch gets a bit simpler.
All the better. Let me send and updated variant.
Best regards,
Christian
More information about the nginx-devel
mailing list