Tor involuntarily sets TLS session tickets

This is bad for at least two reasons:

  1. performance: It increases the size (~160 bytes) of the ChangeCipherSpec message during the handshake; it also makes the server encrypt and HMAC the ticket

  2. security: It has implications regarding the PFS interval (no immediate security concern here as the server certificates are ephemeral; MAX_SSL_KEY_LIFETIME_INTERNAL = 2h atm) and exposes more attack surface than strictly necessary (Tor doesn't use the tickets in any case: that's why it disables the session-cache)

To disable session-tickets altogether (TLS1+ feature), one should use: SSL_CTX_set_options(... , ...|SSL_OP_NO_TICKET)
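
One way to confirm from a packet capture that the option took effect (an added example, not Tor's or OpenSSL's code): under RFC 5077 a TLS 1.2-or-earlier server that intends to issue a ticket echoes an empty SessionTicket extension (type 35) in its ServerHello, so its absence shows tickets are off. The function name and both sample records are constructed for illustration, and the sketch assumes the ServerHello is the first handshake message in an unfragmented record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample records (all-zero random, empty session id). */
static const uint8_t WITH_TICKET[58] = {
    0x16,0x03,0x03,0x00,0x35, 0x02,0x00,0x00,0x31, 0x03,0x03,
    [43] = 0x00, 0xc0,0x2f, 0x00, 0x00,0x09,
    0xff,0x01,0x00,0x01,0x00, 0x00,0x23,0x00,0x00 };
static const uint8_t NO_TICKET[54] = {
    0x16,0x03,0x03,0x00,0x31, 0x02,0x00,0x00,0x2d, 0x03,0x03,
    [43] = 0x00, 0xc0,0x2f, 0x00, 0x00,0x05, 0xff,0x01,0x00,0x01,0x00 };

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Parse one TLS <= 1.2 record that starts with a ServerHello.
 * Returns 1 if the server echoed the SessionTicket extension (type 35),
 * 0 if it did not, -1 if the input is not a well-formed ServerHello. */
int server_offers_ticket(const uint8_t *rec, size_t len)
{
    if (len < 5 || rec[0] != 22) return -1;         /* record type: handshake */
    size_t rlen = rd16(rec + 3);
    if (rlen > len - 5) return -1;                  /* truncated record */
    const uint8_t *p = rec + 5, *end = p + rlen;
    if (end - p < 4 || p[0] != 2) return -1;        /* message type: ServerHello */
    size_t hlen = (size_t)p[1] << 16 | (size_t)p[2] << 8 | p[3];
    p += 4;
    if (hlen > (size_t)(end - p)) return -1;
    end = p + hlen;
    if (end - p < 35) return -1;                    /* version, random, sid length */
    p += 34;
    size_t sid = *p++;
    if ((size_t)(end - p) < sid + 3) return -1;     /* sid, cipher suite, compression */
    p += sid + 3;
    if (p == end) return 0;                         /* no extensions block at all */
    if (end - p < 2 || rd16(p) != (size_t)(end - p) - 2) return -1;
    p += 2;
    while (end - p >= 4) {
        unsigned type = rd16(p), elen = rd16(p + 2);
        p += 4;
        if (elen > (size_t)(end - p)) return -1;    /* extension overruns block */
        if (type == 35) return 1;                   /* SessionTicket echoed */
        p += elen;
    }
    return p == end ? 0 : -1;
}

int main(void) {
    printf("with ticket: %d\n", server_offers_ticket(WITH_TICKET, sizeof WITH_TICKET));
    printf("no ticket:   %d\n", server_offers_ticket(NO_TICKET, sizeof NO_TICKET));
    return 0;
}
```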