Disable nginx ssl_session_tickets for better security
It's turned on by default, but it's better to turn it off for security reasons.

Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- mozilla/server-side-tls#135
PeterDaveHello authored Aug 19, 2021
1 parent ce8f41e commit b802b75
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions dist/nginx.conf
Expand Up @@ -31,6 +31,7 @@ server {
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

# Uncomment these lines once you acquire a certificate:
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
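
Review bot: The added `ssl_session_tickets off;` line in the `server` block has no comment saying why it is there, so a later editor of dist/nginx.conf could switch it back on as a performance tweak without knowing the reason. Suggest a one-line comment above it that points at the two references from the commit message, for example `# Session tickets disabled for security, see mozilla/server-side-tls#135`. Because `ssl_session_cache shared:SSL:10m;` stays in place on the line above, session resumption remains available through the server-side cache, which is worth noting in the same comment.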