Qualys (ssl labs) results question
Maxim Dounin
mdounin at mdounin.ru
Mon Oct 20 06:24:05 UTC 2014
Hello!

On Sun, Oct 19, 2014 at 07:59:32PM -0400, AJ Weber wrote:
> Looking through the results for my server, I noticed these two lines in the
> "Protocol Details" section:
>
> Session resumption (caching) No (IDs assigned but not accepted)

This means that you have no ssl_session_cache configured, see
http://nginx.org/r/ssl_session_cache.

> Session resumption (tickets) No INTOLERANT

While "No" here may be caused by "ssl_session_tickets off", the
"INTOLERANT" here suggests there is something to do with your
OpenSSL library. By default, session tickets are supported and
should work fine as long as they are supported by the OpenSSL library
used.

> Should I change my config to alter these two results (for performance OR
> security)? If so, can anyone identify what config options I should
> add/change?
>
> Also, is there a way to force the "Server hostname" to be a specific FQDN
> (that we use for this server and website)? It seems to return my hosting
> provider's original hostname of the server, even though we use our
> registered host/domain for the site. (And "hostname" cmd in bash returns
> the FQDN we want -- I don't know where nginx is getting this value.)

The "Server hostname" as reported by the SSL Labs test is a result of
a reverse DNS lookup of your server IP address. You have to
edit the reverse DNS zone (or, more likely, ask your provider to) if
you want to change it.

--
Maxim Dounin
http://nginx.org/
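
An added configuration example, not part of the original message: one way to enable the session cache the reply points to, next to the ticket setting it mentions. The cache size, timeout, server name and certificate paths are assumptions chosen for illustration.

```nginx
# Added example, not from the original post. Sizes, names and paths are
# illustrative assumptions.
http {
    # "Session resumption (caching)": the default is "none", where nginx
    # hands out session IDs but stores nothing, which SSL Labs reports as
    # "IDs assigned but not accepted". A shared cache is visible to all
    # worker processes, so a resumed handshake works on any of them.
    ssl_session_cache   shared:SSL:10m;   # about 4000 sessions per megabyte
    ssl_session_timeout 10m;              # how long a cached session may be reused

    # "Session resumption (tickets)": enabled by default; shown explicitly
    # here only to contrast with "ssl_session_tickets off". The directive
    # exists since nginx 1.5.9 and needs ticket support in the OpenSSL
    # library nginx is built against.
    ssl_session_tickets on;

    server {
        listen              443 ssl;
        server_name         www.example.com;                 # placeholder
        ssl_certificate     /etc/nginx/ssl/example.com.crt;  # placeholder path
        ssl_certificate_key /etc/nginx/ssl/example.com.key;  # placeholder path
    }
}

# Check after reloading nginx:
#   openssl s_client -connect www.example.com:443 -reconnect
# The reconnects should be reported as "Reused" rather than "New".
```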