Hello,
I try to migrating from Nginx to Caddy (0.10), But I dont find SSL options to keep the enable same features.
How to enable _Session resumption_ and _HSTS_ ?
Thanks
thibaultmeyer
All 2 comments
For HSTS you can do header / Strict-Transport-Security "max-age=31536000;", see the example here: https://caddyserver.com/docs/header
As for session resumption, it was talked about in this blog post: https://caddyserver.com/blog/caddy-0_8_3-released. I don't know much about this feature so I can't really comment further.
But FYI, questions like this should usually go on the forums if it's not an explicit issue: https://caddy.community/
I'm closing this, but feel free to continue discussing here 馃槃
francislavoie
on 27 Apr 2017
You don't want session resumption by caching, it's not a great idea for servers to be storing that extra state anyway. If it gets compromised, every other client goes down with it. Session resumption by tickets is simpler and safer.
mholt
on 27 Apr 2017
Related issues
ericmdantas
路
3Comments
kilpatty
路
3Comments
lorddaedra
路
3Comments
jgsqware
路
3Comments
billop
路
3Comments
Most helpful comment
For HSTS you can do
header / Strict-Transport-Security "max-age=31536000;", see the example here: https://caddyserver.com/docs/headerAs for session resumption, it was talked about in this blog post: https://caddyserver.com/blog/caddy-0_8_3-released. I don't know much about this feature so I can't really comment further.
But FYI, questions like this should usually go on the forums if it's not an explicit issue: https://caddy.community/
I'm closing this, but feel free to continue discussing here 馃槃