Qualys (ssl labs) results question

Maxim Dounin mdounin at mdounin.ru
Mon Oct 20 06:24:05 UTC 2014


On Sun, Oct 19, 2014 at 07:59:32PM -0400, AJ Weber wrote:

> Looking through the results for my server, I noticed these two lines in the
> "Protocol Details" section:
>     Session resumption (caching)    No (IDs assigned but not accepted)

This means that you have no ssl_session_cache configured, see 

>     Session resumption (tickets)    No   INTOLERANT

While "No" here may be caused by "ssl_session_tickets off", the 
"INTOLERANT" here suggests there is something to do with your 
OpenSSL library.  By default, session tickets are supported and 
should work fine as long they are supported by the OpenSSL library 

> Should I change my config to alter these two results (for performance OR
> security)?  If so, can anyone identify what config options I should
> add/change?
> Also, is there a way to force the "Server hostname" to be a specific FQDN
> (that we use for this server and website)?  It seems to return my hosting
> provider's original hostname of the server, even though we use our
> registered host/domain for the site.  (And "hostname" cmd in bash returns
> the FQDN we want -- I don't know where ngnix is getting this value.)

The "Server hostname" as reported by SSL Labs test is a result of 
a reverse DNS lookup of your server IP address.  You have to 
edit reverse DNS zone (or, more likely, ask your provider to) if 
you want to change it.

Maxim Dounin

More information about the nginx mailing list