TLS-Scanner

Session recommendations

Open mbrndtgn opened this issue 5 years ago • 2 comments

Some older Apache versions (like 2.4.6 in RHEL / CentOS 7) don't support a limited lifetime for session tickets. This could undermine the forward secrecy for long-running processes if session tickets are enabled. In those cases recommending session tickets over session resumption (or even using them at all) probably isn't a good idea.

I'm not really sure how the recommendations could be improved, though. This is probably only a problem with some very specific Apache versions.

mbrndtgn, May 02 '19 20:05

That's a fair point, I guess we should also scan for SessionTicket Lifetime hints and adjust the recommendation accordingly.

ic0ns, May 02 '19 21:05
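
The lifetime-hint check suggested in the thread above, sketched as an added example (not TLS-Scanner's own code): it parses a TLS 1.2 NewSessionTicket handshake message as laid out in RFC 5077 and buckets the hint. The 24-hour threshold, the bucket names and the sample messages are assumptions constructed for the demo.

```python
import struct

HANDSHAKE_NEW_SESSION_TICKET = 4   # handshake type from RFC 5077
MAX_HINT_SECONDS = 24 * 60 * 60    # assumed policy threshold, not from the thread


def parse_new_session_ticket(msg: bytes) -> tuple[int, bytes]:
    """Parse a TLS 1.2 NewSessionTicket handshake message (RFC 5077, 3.3).

    Layout: type(1) | length(3) | ticket_lifetime_hint(4) | ticket_len(2) | ticket
    Returns (lifetime_hint_seconds, ticket_bytes).
    """
    if len(msg) < 4:
        raise ValueError("truncated handshake header")
    body_len = int.from_bytes(msg[1:4], "big")
    if msg[0] != HANDSHAKE_NEW_SESSION_TICKET:
        raise ValueError(f"not a NewSessionTicket (type {msg[0]})")
    body = msg[4:]
    if len(body) != body_len:
        raise ValueError("handshake length does not match body")
    if body_len < 6:
        raise ValueError("body too short for hint and ticket length")
    hint, ticket_len = struct.unpack("!IH", body[:6])
    ticket = body[6:]
    if len(ticket) != ticket_len:
        raise ValueError("ticket length does not match remaining bytes")
    return hint, ticket


def classify_hint(hint: int, max_seconds: int = MAX_HINT_SECONDS) -> str:
    """Map a lifetime hint to a recommendation bucket (hypothetical names)."""
    if hint == 0:
        return "unspecified"      # RFC 5077: zero means lifetime not specified
    if hint > max_seconds:
        return "too_long"
    return "ok"


def build_sample(hint: int, ticket: bytes) -> bytes:
    """Construct a sample message for the demo; not captured traffic."""
    body = struct.pack("!IH", hint, len(ticket)) + ticket
    return bytes([HANDSHAKE_NEW_SESSION_TICKET]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    for hint in (0, 300, 7 * 24 * 60 * 60):
        parsed, _ = parse_new_session_ticket(build_sample(hint, b"\xaa" * 16))
        print(parsed, classify_hint(parsed))
```

The hint is advisory only: a server that never rotates its ticket encryption key can still advertise a short hint, so a good value here does not by itself show that old sessions are protected.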