From a1722810b9046014f6d313c8b6ba9df6e94b8e40 Mon Sep 17 00:00:00 2001
From: Jan Brasna <1784648+janbrasna@users.noreply.github.com>
Date: Sun, 6 Oct 2024 17:39:21 +0200
Subject: [PATCH] =?UTF-8?q?Allow=20nginx=20=E2=89=A51.23.2=20ssl=5Fsession?= =?UTF-8?q?=5Ftickets?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

No need to disable session_tickets for 1.23.2+ as encryption keys are now automatically rotated when ssl_session_cache uses shared memory.
---
 src/templates/partials/nginx.hbs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/templates/partials/nginx.hbs b/src/templates/partials/nginx.hbs
index f29d9c7a..86f0f1b9 100644
--- a/src/templates/partials/nginx.hbs
+++ b/src/templates/partials/nginx.hbs
@@ -30,11 +30,13 @@ server {
 ssl_certificate_key /path/to/private_key;
 ssl_session_timeout 1d;
 ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+{{#unless (minver "1.23.2" form.serverVersion)}}
 {{#if (minver "1.0.2l" form.opensslVersion)}}
 {{#if (minver "1.5.9" form.serverVersion)}}
 ssl_session_tickets off;
 {{/if}}
 {{/if}}
+{{/unless}}
 
 {{#if output.usesDhe}}
 # {{output.dhCommand}} > /path/to/dhparam
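Review bot: The new `{{#unless (minver "1.23.2" form.serverVersion)}}` gate is only sound because of the `ssl_session_cache shared:MozSSL:10m;` line just above it, and nothing in the template records that dependency. Per the commit message, automatic ticket-key rotation applies when the cache uses shared memory, so a later edit that drops or changes that directive would leave tickets enabled for 1.23.2+ output with a key that is not rotated. I would add a template comment directly above the gate, for example `{{!-- nginx >= 1.23.2 rotates ticket keys itself, but only with a shared ssl_session_cache; keep the two together --}}`. The `server {` block starts and ends outside the hunk, so whether the cache line is itself emitted conditionally cannot be confirmed from here.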