Hi, I'm a sophomore at Oklahoma State University and I'm taking some online courses for a Computer Science degree. I was given a project to set up a secure web server. After doing some research I decided to go with a LAMP server. Over the last 2 weeks I've got it up and running, with one exception which no one I've talked to has been able to help me with. I'm trying to set "SSLSessionTickets Off". From everything I've read, if you're not restarting your server frequently it should be "off", yet for some reason the Apache devs have set the default to "on", which compromises perfect forward secrecy. (See here).
With SSLSessionTickets commented out, Apache starts with just a few warnings having to do with my self-signed cert. With SSLSessionTickets uncommented, Apache has a fit and tells me:
* Restarting web server apache2 [fail]
* The apache2 configtest failed.
Output of config test was:
AH00526: Syntax error on line 89 of /etc/apache2/mods-enabled/ssl.conf:
Invalid command 'SSLSessionTickets', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.
The Apache error log may have more information.
There's no info in the error.log since Apache fails to start, and I can't find any info online.
Ubuntu Server 14.04.2
My ssl.conf file with all the comments removed:
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLProtocol all -SSLv2 -SSLv3
Header always set Strict-Transport-Security "max-age=63072000; incl$
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
I'm pulling an A with this setup from the SSL Labs Server Test if I ignore the T for having a self-signed cert. The Invalid command 'SSLSessionTickets' error is ruining my sense of accomplishment. Please take pity on a beginner and point me in the right direction.
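
Added example, not part of the original post: a shell check of whether an installed httpd build recognises `SSLSessionTickets` at all. It assumes, from the Apache mod_ssl documentation, that the directive exists in httpd 2.4.11 and later; the function names and the sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption (Apache mod_ssl docs): SSLSessionTickets is available in
# httpd 2.4.11 and later. Older builds reject it as "Invalid command".
MIN_VERSION="2.4.11"

# Extract the dotted version from a banner line such as
# "Server version: Apache/2.4.7 (Ubuntu)"; prints nothing if no match.
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' |
        head -n 1
}

# version_ge A B: exit 0 when dotted version A >= B, comparing each
# component numerically (so 2.4.7 < 2.4.11, unlike a string compare).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print whether the build behind a version banner accepts the directive.
tickets_directive_status() {
    v=$(parse_httpd_version "$1")
    if [ -z "$v" ]; then
        echo "unknown (no version found)"
    elif version_ge "$v" "$MIN_VERSION"; then
        echo "supported ($v)"
    else
        echo "unsupported ($v < $MIN_VERSION)"
    fi
}

# Constructed sample banners, so the script runs without Apache installed.
for banner in "Server version: Apache/2.4.7 (Ubuntu)" \
              "Server version: Apache/2.4.18 (Ubuntu)"; do
    echo "$banner -> $(tickets_directive_status "$banner")"
done

# On a real host, check the installed build as well.
if command -v apache2ctl >/dev/null 2>&1; then
    echo "installed -> $(tickets_directive_status "$(apache2ctl -v 2>/dev/null)")"
fi
```

On a build reported as unsupported, the directive has to stay out of ssl.conf, or sit inside an `<IfVersion >= 2.4.11>` block from mod_version, for configtest to pass.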