httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: Turn off SSL session tickets
Date Fri, 04 Apr 2014 09:29:55 GMT


Dr Stephen Henson wrote:
> On 10/03/2014 10:22, Plüm, Rüdiger, Vodafone Group wrote:
>> Reading the trunk documentation it seems possible to turn off SSL session tickets
via
>>
>> SSLOpenSSLConfCmd Options -SessionTicket
>>
>> I assume there are no other options doing so on 2.2.x and 2.4.x, correct?
>>
> 
> A quick grep for the SSL_OP_NO_TICKET flag (which disables tickets) in mod_ssl
> came up empty so yes that is the only way. That should also work with 2.4.x but
> in both cases it requires OpenSSL 1.0.2.

In case someone is interested: I created a patch for 2.2.x that introduces SSLNoTickets:

http://people.apache.org/~rpluem/patches/no_ssl_ticket_2.2.x.diff

By default tickets remain on.

Regards

Rüdiger



Mime
View raw message