You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Plüm,
Rüdiger,
Vodafone Group <ru...@vodafone.com> on 2014/03/10 11:22:14 UTC
Turn off SSL session tickets
Reading the trunk documentation it seems possible to turn off SSL session tickets via
SSLOpenSSLConfCmd Options -SessionTicket
I assume there are no other options doing so on 2.2.x and 2.4.x, correct?
Regards
Rüdiger
Re: Turn off SSL session tickets
Posted by Ruediger Pluem <rp...@apache.org>.
Dr Stephen Henson wrote:
> On 10/03/2014 10:22, Plüm, Rüdiger, Vodafone Group wrote:
>> Reading the trunk documentation it seems possible to turn off SSL session tickets via
>>
>> SSLOpenSSLConfCmd Options -SessionTicket
>>
>> I assume there are no other options doing so on 2.2.x and 2.4.x, correct?
>>
>
> A quick grep for the SSL_OP_NO_TICKET flag (which disables tickets) in mod_ssl
> came up empty so yes that is the only way. That should also work with 2.4.x but
> in both cases it requires OpenSSL 1.0.2.
In case someone is interested: I created a patch for 2.2.x that introduces SSLNoTickets:
http://people.apache.org/~rpluem/patches/no_ssl_ticket_2.2.x.diff
By default tickets remain on.
Regards
Rüdiger
Re: Turn off SSL session tickets
Posted by Dr Stephen Henson <sh...@opensslfoundation.com>.
On 10/03/2014 10:22, Plüm, Rüdiger, Vodafone Group wrote:
> Reading the trunk documentation it seems possible to turn off SSL session tickets via
>
> SSLOpenSSLConfCmd Options -SessionTicket
>
> I assume there are no other options doing so on 2.2.x and 2.4.x, correct?
>
A quick grep for the SSL_OP_NO_TICKET flag (which disables tickets) in mod_ssl
came up empty so yes that is the only way. That should also work with 2.4.x but
in both cases it requires OpenSSL 1.0.2.
Steve.
--
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com