opinions about Session tickets
Arnaud Van der Vorst
sbxara at icloud.com
Tue Apr 12 06:32:13 UTC 2016
Good morning,
@Andreas
Thank you for sharing these documents.
I had already read the one from Tim Taubert and had the same concern about
using TLS/SSL Tickets.
Is it a good thing or not?
-----Original Message-----
From: nginx [mailto:nginx-bounces at nginx.org] On Behalf Of A. Schulze
Sent: lundi 11 avril 2016 17:17
To: nginx at nginx.org
Subject: opinions about Session tickets
Maxim Dounin:
> In nginx 1.5.9 the "ssl_session_tickets" directive was added, which
> makes it possible to disable session tickets when needed.
I found these two opinions. They suggest to disable session tickets.
-
https://www.farsightsecurity.com/Blog/20151202-thall-hardening-dh-and-ecc/
-
https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-
resumption-implementations/
what do others think about that?
Andreas
_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list