The Recommended Mozilla SSL configuration has TLS session tickets
disabled, see
https://ssl-config.mozilla.org/#server=apache&server-version=2.4.39&config=intermediate
The docu says:
TLS session tickets are enabled by default. Using them without
restarting the web server with an appropriate frequency (e.g. daily)
compromises perfect forward secrecy.
Is it still valid that it compromises PFS ?
My advise should be in general to disable it.
Steffen
At Certbot there is also a discussion
https://github.com/certbot/certbot/issues/6901
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
