Disable nginx ssl_session_tickets for better security (#16632)

It's default turned on, but it's better to turn it off for security reason. Reference: - https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets - https://github.com/mozilla/server-side-tls/issues/135
author: Peter Dave Hello <hsu@peterdavehello.org> 2021-08-20 15:15:07 +0800
committer: GitHub <noreply@github.com> 2021-08-20 08:15:07 +0100
commit: e03dc3956f8c7c20914775ca1aca19decf61b616 (patch)
tree: 12dfe08e125b48fc61c7580ff5c5386f48e0af24
parent: 9ac7e6fef770c0627c14d704fdf525c9515d6a6c (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/dist/nginx.conf b/dist/nginx.conf
index a0429d2aa..2b260f33c 100644
--- a/dist/nginx.conf
+++ b/dist/nginx.conf
@@ -31,6 +31,7 @@ server {
   ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;
+  ssl_session_tickets off;
 
   # Uncomment these lines once you acquire a certificate:
   # ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
author	Peter Dave Hello <hsu@peterdavehello.org>	2021-08-20 15:15:07 +0800
committer	GitHub <noreply@github.com>	2021-08-20 08:15:07 +0100
commit	e03dc3956f8c7c20914775ca1aca19decf61b616 (patch)
tree	12dfe08e125b48fc61c7580ff5c5386f48e0af24
parent	9ac7e6fef770c0627c14d704fdf525c9515d6a6c (diff)