Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
See mozilla/server-side-tls#135 > proper rotation of session ticket encryption key is not > implemented in nignx or Apache. Thus it is easier to recommend against > its use that suggest use of 3rd party software to fix it. > The problem is not that they are insecure, or that they can't be made > secure. The problem is that the way they are commonly implemented means > that you don't provide forward secrecy if you use them - all encryption > keys are ultimately encrypted with just one encryption key - the session > ticket key. > > see here for more in-depth explanation: > https://www.imperialviolet.org/2013/06/27/botchingpfs.ht
- Loading branch information