use more granular session ticket key rotation

2021-05-02 13:33:06 -04:00 · 2021-05-02 13:33:06 -04:00 · 380e40bf74
commit 380e40bf74
parent 0823948133
1 changed files with 4 additions and 2 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -51,8 +51,10 @@ http {
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    # maintained by nginx-rotate-session-ticket-keys in ramfs
-    ssl_session_ticket_key /etc/nginx/session-ticket-keys/current.key;
-    ssl_session_ticket_key /etc/nginx/session-ticket-keys/previous.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/4.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/3.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/2.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/1.key;
    ssl_buffer_size 4k;

    ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;