Hello!
On Thu, Aug 09, 2012 at 02:37:36PM -0400, eiji-gravion wrote:
> Hello,
>
> I was reading an article written by Adam Langley and he says:
>
> "You also need to be aware of Session Tickets in order to implement
> forward secrecy correctly. There are two ways to resume a TLS
> connection: either the server chooses a random number and both sides
> store the session information, of the server can encrypt the session
> information with a secret, local key and send that to the client. The
> former is called Session IDs and the latter is called Session Tickets.
>
> But Session Tickets are transmitted over the wire and so the server's
> Session Ticket encryption key is capable of decrypting past connections.
> Most servers will generate a random Session Ticket key at startup unless
> otherwise configured, but you should check."
>
> So my question is, how does nginx handle this?
As per OpenSSL default - as long as session tickets are supported
by OpenSSL version you use, random key for session tickets will be
generated automatically on nginx startup.
Maxim Dounin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx