From 17e758efef07def4f5ac126f2f31bb38878b21f3 Mon Sep 17 00:00:00 2001 From: Erica Portnoy Date: Mon, 26 Aug 2019 17:19:54 -0700 Subject: [PATCH] if we don't know the openssl version, we can't turn off session tickets --- certbot-nginx/certbot_nginx/configurator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/certbot-nginx/certbot_nginx/configurator.py b/certbot-nginx/certbot_nginx/configurator.py index ab92fb421..d2f19bb38 100644 --- a/certbot-nginx/certbot_nginx/configurator.py +++ b/certbot-nginx/certbot_nginx/configurator.py @@ -131,7 +131,7 @@ class NginxConfigurator(common.Installer): def mod_ssl_conf_src(self): """Full absolute path to SSL configuration file source.""" use_tls13 = self.version >= (1, 13, 0) - session_tix_off = self.version >= (1, 5, 9) and + session_tix_off = self.version >= (1, 5, 9) and self.openssl_version and LooseVersion(self.openssl_version) >= LooseVersion('1.0.2l') if use_tls13: