-
Notifications
You must be signed in to change notification settings - Fork 142
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Ngingx 1.23.2 and newer to support ssl_session_tickets #284
Comments
Thanks! Maybe you can update the title (Ngingx...).
|
Hi @gene1wood When can we expect this config change reflected on https://ssl-config.mozilla.org/ |
@khavishbhundoo We'll need a PR to implement this change, then review and merging. |
@gene1wood I'm happy to propose a PR if there's a consensus on the rules given the baked-in openssl bugfix #134 in mozilla/ssl-config-generator@db419f0 — currently the logic is: openssl <1.0.2l We should probably leave the whole range of openssl 0.9.8f–1.0.2l as-is left enabled (=default/empty) to be on the safe side, and only add a new rule for the combination of: openssl ≥1.0.2l on nginx ≥1.23.2 as either or maybe rather empty again, for a default? (As there are implications of ssl_session_tickets settings to TLSv1.3 sessions, I'd rather leave that empty, than set is to "on"…) Does it make sense that way? |
Please close. This has been fixed above in mozilla/ssl-config-generator#252 |
Nginx 1.23.2 appears to change how
ssl_session_tickets
is handled and as a result perhaps we should change to setting them as enabled.https://nginx.org/en/CHANGES
This was raised in #135
The text was updated successfully, but these errors were encountered: