Scenario:

 

Recently, a website was setup on NGINX with LetsEncrypt for SSL. After all settings while opening the site, the browser refused and popped these errors:

 

Firefox: SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET
Chrome: ERR_SSL_PROTOCOL_ERROR

 

I’ve used the below configuration for SSL on NGINX:

ssl_certificate /etc/letsencrypt/live/rootadminz.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/rootadminz.com/privkey.pem; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_buffer_size 4k;

 


Here’s the solution:

 

The default value needs to be changed from ssl_session_tickets off to ssl_session_tickets on. If you had set this to on then need not to worry as you shouldn’t get the above error message.

 

Now restart the NGINX service:

systemctl restart nginx

 

Done!

Was this answer helpful? 0 Users Found This Useful (0 Votes)