Ssl_session_timeout = 7d

Hello

In the freshly installed HestiaCP I found the following nginx settings:

#SSL PCI compliance

ssl_session_cache shared:SSL:20m;
ssl_session_tickets on;
ssl_session_timeout 7d;

Why is caching set to 7 days?
But maybe I just don’t understand the settings well? How is this related to PCI compliance?

Hi @pavlozt

I have no idea why those settings are like that, but for PCI compliance, I would use:

ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
ssl_session_timeout 1h;

I propose to push this rather small change into the source code:

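To check a configuration against the values suggested in the reply above, here is an added example that is not part of the thread and not HestiaCP code. The function names and the 1h baseline are assumptions of this example (the baseline is taken from the reply, not from the PCI DSS text), and the text is treated as a single context with no include handling.

```python
import re
# nginx time units in seconds (nginx counts a month as 30 days, a year as 365).
UNITS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400,
         "w": 604800, "M": 2592000, "y": 31536000}

def nginx_time_to_seconds(value):
    """Convert an nginx time value such as '7d', '1h 30m' or '300' to seconds."""
    total = 0.0
    for part in value.split():
        m = re.fullmatch(r"(\d+)(ms|[smhdwMy])?", part)
        if not m:
            raise ValueError(f"not an nginx time value: {value!r}")
        total += int(m.group(1)) * UNITS[m.group(2) or "s"]  # no suffix = seconds
    return total

def audit_tls_sessions(conf_text, max_timeout="1h"):
    """Return (line, directive, message) findings for TLS session resumption settings."""
    findings, seen = [], set()
    limit = nginx_time_to_seconds(max_timeout)
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.fullmatch(r"(ssl_session_\w+)\s+(.+?);", line)
        if not m:
            continue
        name, arg = m.groups()
        seen.add(name)
        if name == "ssl_session_tickets" and arg == "on":
            findings.append((lineno, name, "session tickets enabled"))
        elif name == "ssl_session_timeout" and nginx_time_to_seconds(arg) > limit:
            findings.append((lineno, name, f"timeout {arg} exceeds {max_timeout}"))
    if "ssl_session_tickets" not in seen:
        findings.append((0, "ssl_session_tickets", "not set; nginx default is on"))
    return findings

# The two configurations quoted in the thread.
INSTALLED = """#SSL PCI compliance
ssl_session_cache shared:SSL:20m;
ssl_session_tickets on;
ssl_session_timeout 7d;
"""
SUGGESTED = """ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
ssl_session_timeout 1h;
"""

if __name__ == "__main__":
    for label, conf in (("installed", INSTALLED), ("suggested", SUGGESTED)):
        print(label, audit_tls_sessions(conf) or "no findings")
```

A finding on line 0 means the directive was absent from the text, in which case nginx falls back to its default of session tickets on.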