ssl_session_timeout issues
A. Schulze
sca at andreasschulze.de
Mon Mar 6 11:39:56 UTC 2017
Nomad Worker:
> I read the code of ssl module, the directive ssl_session_timeout seems only
> used for ssl session cache, not for ssl session ticket.
> the document describes the directive as 'Specifies a time during which a
> client may reuse the session parameters.' Is it not exactly?
> Is there any timeout for ssl session ticket ?
or more general: is the usage of ssl session tickets suggested at all?
these two links motivated me to set "ssl_session_tickets off"
- https://www.farsightsecurity.com/Blog/20151202-thall-hardening-dh-and-ecc/
- https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/
What are others' opinions?
Andreas