httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: Turn off SSL session tickets
Date Fri, 04 Apr 2014 09:29:55 GMT

Dr Stephen Henson wrote:
> On 10/03/2014 10:22, Plüm, Rüdiger, Vodafone Group wrote:
>> Reading the trunk documentation it seems possible to turn off SSL session tickets
>> SSLOpenSSLConfCmd Options -SessionTicket
>> I assume there are no other options doing so on 2.2.x and 2.4.x, correct?
> A quick grep for the SSL_OP_NO_TICKET flag (which disables tickets) in mod_ssl
> came up empty so yes that is the only way. That should also work with 2.4.x but
> in both cases it requires OpenSSL 1.0.2.

In case someone is interested: I created a patch for 2.2.x that introduces SSLNoTickets:

By default tickets remain on.



View raw message