From 323d66f2849202737521b56a558f332b673d2f82 Mon Sep 17 00:00:00 2001
From: Melwin Kieffer <melwinkieffer@gmail.com>
Date: Mon, 17 Oct 2016 14:38:23 +0200
Subject: [PATCH] set ssl_session_tickets to off by default

Necessary when other server{} blocks are defined in `/etc/nginx/conf.d/*.conf` without ssl_session_tickets set to off.
See https://community.letsencrypt.org/t/errors-from-browsers-with-ssl-session-tickets-off-nginx/18124/5?u=melwinkfr
Related to #580
---
 nginx.tmpl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/nginx.tmpl b/nginx.tmpl
index 9eb9520..e3734c5 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -63,6 +63,9 @@ server {
 	return 503;
 }
 
+# Disable TLS Session resumption by default
+ssl_session_tickets off;
+
 {{ if (and (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
 server {
 	server_name _; # This is just an invalid value which will never trigger on a real hostname.