Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Disable TLS Session Tickets when using server side session caching

  • Loading branch information...
commit d2e1d86a2f4ea65e2876ff8901f365862f3534e7 1 parent 72fe845
@tmm1 tmm1 authored committed
Showing with 7 additions and 1 deletion.
  1. +7 −1 src/event/ngx_event_openssl.c
8 src/event/ngx_event_openssl.c
@@ -1492,11 +1492,17 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
ngx_log_error_core(NGX_LOG_NOTICE, ssl->log, 0,
"Using an external SSL session cache");
SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);
+ /* TLS Session Tickets use a random encryption key which is different
+ * per server. Clients will attempt to use this instead of server-side
+ * sessions, defeating the purpose of caching sessions in the first place.
+ */
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TICKET);
if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, sc_cfg)
== 0)

0 comments on commit d2e1d86

Please sign in to comment.
Something went wrong with that request. Please try again.