diff --git a/nginx.tmpl b/nginx.tmpl
index a5b1d32..da7639e 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -82,6 +82,9 @@ server {
 	return 503;
 }
 
+# Disable TLS Session resumption by default
+ssl_session_tickets off;
+
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
 	server_name _; # This is just an invalid value which will never trigger on a real hostname.