From 380e40bf74e8748c641bb0b986f733df357d4cef Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sun, 2 May 2021 13:33:06 -0400
Subject: [PATCH] use more granular session ticket key rotation

---
 nginx/nginx.conf | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index ed8d9e67..9b8144d4 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -51,8 +51,10 @@ http {
     ssl_session_cache shared:SSL:10m;
     ssl_session_timeout 1d;
     # maintained by nginx-rotate-session-ticket-keys in ramfs
-    ssl_session_ticket_key /etc/nginx/session-ticket-keys/current.key;
-    ssl_session_ticket_key /etc/nginx/session-ticket-keys/previous.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/4.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/3.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/2.key;
+    ssl_session_ticket_key /etc/nginx/session-ticket-keys/1.key;
     ssl_buffer_size 4k;
 
     ssl_trusted_certificate /etc/letsencrypt/live/grapheneos.org/chain.pem;