Update ssl_early_data configuration
This commit is contained in:
parent
3b270e4657
commit
37dcc6ddde
@ -36,6 +36,9 @@ ssl_session_ticket_key session-ticket-keys/1.key;
|
||||
## ssl_trusted_certificate
|
||||
## ssl_stapling_file
|
||||
|
||||
# Make sure ssl early data is off - replay attack mitigation
|
||||
ssl_early_data off;
|
||||
|
||||
# Cookie flags
|
||||
proxy_cookie_flags ~ secure;
|
||||
|
||||
|
@ -4,7 +4,7 @@
|
||||
# Force http 1.1, anything not supporting it shouldn't be used
|
||||
proxy_http_version 1.1;
|
||||
|
||||
# Replay attack mitigation for early data
|
||||
# Signal to upstream whether ssl_early_data is used
|
||||
proxy_set_header Early-Data $ssl_early_data;
|
||||
|
||||
# Restore visitor IP
|
||||
|
Loading…
x
Reference in New Issue
Block a user