diff options
| author | vthriller <unixway.drive+git@gmail.com> | 2015-11-18 21:51:18 +0300 |
|---|---|---|
| committer | vthriller <unixway.drive+git@gmail.com> | 2015-11-18 21:51:24 +0300 |
| commit | 19ff6d977d49a8d8dc72d0798758743e34d145e4 (patch) | |
| tree | 0c10fab522f5412bb625c4ba16937aacf46cd8b7 | |
| parent | b682c7b33c0d580361e07c10045f5e9b2a53b8b7 (diff) | |
| download | server-side-tls-19ff6d977d49a8d8dc72d0798758743e34d145e4.zip server-side-tls-19ff6d977d49a8d8dc72d0798758743e34d145e4.tar.gz server-side-tls-19ff6d977d49a8d8dc72d0798758743e34d145e4.tar.bz2 | |
nginx: ssl_session_tickets appeared first in 1.5.9
See http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
Also, replicate OpenSSL version constrain from 'case "apache"'.
| -rw-r--r-- | ssl-config-generator/index.html | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/ssl-config-generator/index.html b/ssl-config-generator/index.html index ada61d8..7ae5798 100644 --- a/ssl-config-generator/index.html +++ b/ssl-config-generator/index.html @@ -54,7 +54,7 @@ server { ssl_certificate_key /path/to/private_key; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; +{{sslSessionTickets}} {{dhparam}} # {{securityProfile}} configuration. tweak to your needs. @@ -299,6 +299,9 @@ frontend ft_test data.listen = ' listen 443;' + '\n' + ' ssl on;'; } + if (isOpenSSLSemVer(data.opensslVersion, ">=0.9.8f") && isSemVer(data.serverVersion, '>=1.5.9')) { + data.sslSessionTickets = ' ssl_session_tickets off;' + } break; case "apache": // http://httpd.apache.org/docs/current/mod/mod_ssl.html |