Qualys (ssl labs) results question

Looking through the results for my server, I noticed these two lines in
the “Protocol Details” section:

 Session resumption (caching)    No (IDs assigned but not accepted)
 Session resumption (tickets)    No   INTOLERANT

Should I change my config to alter these two results (for performance OR
security)? If so, can anyone identify what config options I should
add/change?

Also, is there a way to force the “Server hostname” to be a specific
FQDN (that we use for this server and website)? It seems to return my
hosting provider’s original hostname of the server, even though we use
our registered host/domain for the site. (And “hostname” cmd in bash
returns the FQDN we want – I don’t know where nginx is getting this
value.)

This is nginx 1.7.6 on CentOS 6.x.

Thanks in advance!
-AJ

hello,

> Session resumption (caching)    No (IDs assigned but not accepted)
> Session resumption (tickets)    No   INTOLERANT
>
> Should I change my config to alter these two results (for performance OR
> security)? If so, can anyone identify what config options I should
> add/change?

ssl_session_cache might be useful, please read:
http://nginx.org/en/docs/http/configuring_https_servers.html#optimization

> Also, is there a way to force the “Server hostname” to be a specific
> FQDN (that we use for this server and website)?

I think you’d need to configure reverse-dns for your site’s name to point
to that server’s IP, and you must use A-records, not CNAMEs; if this
sounds uncommon to you, ask your hosting-provider, they should be able to
answer your questions.

cheers,

mex


Hello!

On Sun, Oct 19, 2014 at 07:59:32PM -0400, AJ Weber wrote:

> Looking through the results for my server, I noticed these two lines in the
> “Protocol Details” section:
>
> Session resumption (caching)    No (IDs assigned but not accepted)

This means that you have no ssl_session_cache configured, see
Module ngx_http_ssl_module.

> Session resumption (tickets)    No   INTOLERANT

While “No” here may be caused by “ssl_session_tickets off”, the
“INTOLERANT” here suggests there is something to do with your
OpenSSL library. By default, session tickets are supported and
should work fine as long as they are supported by the OpenSSL library
used.

> Should I change my config to alter these two results (for performance OR
> security)? If so, can anyone identify what config options I should
> add/change?
>
> Also, is there a way to force the “Server hostname” to be a specific FQDN
> (that we use for this server and website)? It seems to return my hosting
> provider’s original hostname of the server, even though we use our
> registered host/domain for the site. (And “hostname” cmd in bash returns
> the FQDN we want – I don’t know where nginx is getting this value.)

The “Server hostname” as reported by the SSL Labs test is a result of
a reverse DNS lookup of your server IP address. You have to
edit the reverse DNS zone (or, more likely, ask your provider to) if
you want to change it.


Maxim D.
http://nginx.org/
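
The configuration the two replies above point to, as an added example that is not part of the original thread: it shows the session settings that the “Protocol Details” rows reflect. The hostname, certificate paths, cache size and timeout are placeholder values chosen for illustration.

```nginx
# Added example, not from the thread. Hostname and file paths are placeholders.
http {
    # With no ssl_session_cache directive the default is "none": nginx tells
    # clients that sessions may be reused but stores no session parameters,
    # so every resumption attempt falls back to a full handshake. SSL Labs
    # reports that as "No (IDs assigned but not accepted)".
    #
    # A shared cache is visible to all worker processes, so a client can
    # resume a session no matter which worker handled the first handshake.
    # Per the nginx documentation, 1 MB holds about 4000 sessions.
    ssl_session_cache   shared:SSL:10m;

    # How long a client may reuse cached session parameters
    # (illustrative value).
    ssl_session_timeout 10m;

    # Session tickets are enabled by default, and the directive itself exists
    # since nginx 1.5.9, so this line only makes the intent explicit. It has
    # no effect if the OpenSSL library nginx is linked against does not
    # support tickets, which is the case the "INTOLERANT" result points to.
    ssl_session_tickets on;

    server {
        listen              443 ssl;
        server_name         www.example.com;                     # placeholder
        ssl_certificate     /etc/nginx/ssl/www.example.com.crt;  # placeholder
        ssl_certificate_key /etc/nginx/ssl/www.example.com.key;  # placeholder
    }
}
```

Running `nginx -V` prints the OpenSSL version nginx was built with, which is the first thing to check when the tickets row stays at “INTOLERANT” after this change.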