Disabled tls tickets #48
Comments
|
Naturally, tls tickets being enabled will produce 2 different fingerprint values for the same user-agent, for a series of requests. Maybe there's a way I could make this configurable. |
|
Actually there's the same issue with TLS1.3 session resumption. When the client tries to reuse a psk previously delivered by the server, it adds it in the pre_shared_key (41) extension in the subsequent clientHello resulting in two differents fingerprints. SSL_OP_NO_TICKET does not disable psk generation on server side as stated by Maxim Dounin : https://mailman.nginx.org/pipermail/nginx-devel/2020-April/013092.html |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello. We use nginx with tls tickets for session resumption.
In the nginx patch in the line https://github.com/fooinha/nginx-ssl-ja3/blob/master/patches/nginx.1.23.1.ssl.extensions.patch#L8 ticket support explicitly disabled
Tell me for what and will the module with enabled tls tickets work normally?
Thanks in advance
The text was updated successfully, but these errors were encountered: