diff --git a/nginx.tmpl b/nginx.tmpl
index 9eb9520..e3734c5 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -63,6 +63,9 @@ server {
 	return 503;
 }
 
+# Disable TLS Session resumption by default
+ssl_session_tickets off;
+
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
 	server_name _; # This is just an invalid value which will never trigger on a real hostname.