Hi, On Sat, Nov 05, 2016 at 07:07:23PM -0700, Piotr Sikora wrote: > Also, considering that recent versions of OpenSSL use AES256 by > default (i.e. when keys are not provided using > "ssl_session_ticket_key" directive), we shouldn't provide a way lower > the security of Session Tickets.
If backward compatibility isn't a thing, the patch gets a bit simpler. All the better. Let me send and updated variant. Best regards, Christian _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
