diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index b54472f3..ed8d9e67 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -50,7 +50,9 @@ http {
 
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 1d;
-    ssl_session_tickets off;
+    # maintained by nginx-rotate-session-ticket-keys in ramfs
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/current.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/previous.key;
     ssl_buffer_size 4k;
 
     ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;