Disable SSLSessionTickets in Apache2
Mozilla's server-side TLS guidelines suggest setting SSLSessionTickets off
(default is on
) in Apache2 because session key rotation isn't handled properly and weakens security properties of TLS connections.
There's a small performance cost, but we'd only pay it for TLS <=1.2 connections, since TLS 1.3 did away with TLS session tickets altogether.