Visiting the documentation for the Apache 2.4 mod_ssl
configuration https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslsessiontickets, the following warning is included:
TLS session tickets are enabled by default. Using them without restarting the web server with an appropriate frequency (e.g. daily) compromises perfect forward secrecy.
Until a proper automated key rotation mechanism is built into mod_ssl
it seems like turning session tickets off is sensible. Just add:
SSLSessionTickets off
to the mod_ssl
configuration file located at /etc/apache2/mods-enabled/ssl.conf
.
Instead of session tickets (which offload much of SSL session state info to the client), the ssl session will fallback to session IDs, which are set to be cached by default via the mod_socache_shmcb in the default mod_ssl
configuration.
Here is a good SO post with a bit more info. Once Apache rolls out a key rotation solution that doesn't rely on the apache server being restarted manually every day, it's probably best to turn SSLSessionTickets
back on.