Update ssl_early_data configuration

This commit is contained in:
Tommy 2025-01-03 23:05:02 -07:00 committed by GitHub
parent 3b270e4657
commit 37dcc6ddde
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 4 additions and 1 deletions

View File

@ -36,6 +36,9 @@ ssl_session_ticket_key session-ticket-keys/1.key;
## ssl_trusted_certificate
## ssl_stapling_file
# Make sure ssl early data is off - replay attack mitigation
ssl_early_data off;
# Cookie flags
proxy_cookie_flags ~ secure;

View File

@ -4,7 +4,7 @@
# Force http 1.1, anything not supporting it shouldn't be used
proxy_http_version 1.1;
# Replay attack mitigation for early data
# Signal to upstream whether ssl_early_data is used
proxy_set_header Early-Data $ssl_early_data;
# Restore visitor IP