Allow nginx ≥1.23.2 ssl_session_tickets

No need to disable session_tickets for 1.23.2+ as encryption keys are now automatically rotated when ssl_session_cache uses shared memory.
mozilla · Oct 6, 2024 · a172281 · a172281
1 parent 6510d66
commit a172281
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/templates/partials/nginx.hbs b/src/templates/partials/nginx.hbs
@@ -30,11 +30,13 @@ server {
     ssl_certificate_key /path/to/private_key;
     ssl_session_timeout 1d;
     ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
+{{#unless (minver "1.23.2" form.serverVersion)}}
 {{#if (minver "1.0.2l" form.opensslVersion)}}
   {{#if (minver "1.5.9" form.serverVersion)}}
     ssl_session_tickets off;
   {{/if}}
 {{/if}}
+{{/unless}}
 
 {{#if output.usesDhe}}
     # {{output.dhCommand}} > /path/to/dhparam