'session_tickets off' option for TLS 1.3

Maxim Dounin mdounin at mdounin.ru
Mon Apr 13 21:52:53 UTC 2020


On Mon, Apr 13, 2020 at 11:40:18PM +0300, Alexander Smirnov wrote:

> I'm working on a project that is completely unrelated to nginx.
> Just found a bug as I thought. Regardless of how common some configuration
> mode is – it should work correctly.
> I don't think that fix for this will somehow significantly change my
> experience with nginx, but I have time to fix it and it doesn't look too
> complex.
> Would be glad to help on this.

As already explained, from nginx point of view there is no bug 
here: "ssl_session_tickets off;" disables stateless tickets, and 
"ssl_session_cache off;" disables session resumption.  Everything 
works correctly.

The fact that in a very specific configuration some meaningless 
SSL messages are sent - is hardly a bug unless there are other 
reasons to think it is, hence I don't think it's a bug from 
OpenSSL point of view either.

Maxim Dounin

More information about the nginx-devel mailing list