forked from fedi/mastodon

Disable nginx ssl_session_tickets for better security (#16632)

It's turned on by default, but it's better to turn it off for security reasons.

Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- https://github.com/mozilla/server-side-tls/issues/135
Peter Dave Hello 2021-08-20 15:15:07 +08:00 committed by GitHub
parent 9ac7e6fef7
commit e03dc3956f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

dist/nginx.conf vendored

@ -31,6 +31,7 @@ server {
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Uncomment these lines once you acquire a certificate: # Uncomment these lines once you acquire a certificate:
# ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
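
Review bot: the added `ssl_session_tickets off;` line has no comment, unlike the certificate lines directly below it, so an operator tuning this file later has no hint that the setting is deliberate and may drop it. Suggest a one-line comment above it saying that tickets are disabled for security reasons and that session resumption is still served by the `ssl_session_cache shared:SSL:10m;` line above, which this change leaves in place. Because the hunk sits inside a single `server {` block, also confirm that any other TLS-enabled server block in dist/nginx.conf gets the same directive, or move it to a shared context.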