diff --git a/src/shrpx_connection.cc b/src/shrpx_connection.cc
index 5d4cb88c..196b0ea4 100644
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@@ -319,7 +319,7 @@ int Connection::tls_handshake() {
 auto ssl_ctx = SSL_get_SSL_CTX(tls.ssl);
 SSL_free(tls.ssl);
- auto ssl = ssl::create_ssl(ssl_ctx);
+ auto ssl = ssl::create_server_ssl(ssl_ctx, nullptr);
 if (!ssl) {
 return -1;
 }
diff --git a/src/shrpx_http2_session.cc b/src/shrpx_http2_session.cc
index ad464c77..036f8d5e 100644
--- a/src/shrpx_http2_session.cc
+++ b/src/shrpx_http2_session.cc
@@ -323,7 +323,7 @@ int Http2Session::initiate_connection() {
 // We are establishing TLS connection. If conn_.tls.ssl, we may
 // reuse the previous session.
 if (!conn_.tls.ssl) {
- auto ssl = ssl::create_ssl(ssl_ctx_);
+ auto ssl = ssl::create_client_ssl(ssl_ctx_);
 if (!ssl) {
 return -1;
 }
diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc
index d71b119b..f95c0ad6 100644
--- a/src/shrpx_ssl.cc
+++ b/src/shrpx_ssl.cc
@@ -695,6 +695,7 @@ SSL_CTX *create_ssl_client_context() {
 return ssl_ctx;
 }
 
+namespace {
 SSL *create_ssl(SSL_CTX *ssl_ctx) {
 auto ssl = SSL_new(ssl_ctx);
 if (!ssl) {
@@ -705,6 +706,23 @@ SSL *create_ssl(SSL_CTX *ssl_ctx) {
 
 return ssl;
 }
+} // namespace
+
+SSL *create_server_ssl(SSL_CTX *ssl_ctx, Worker *worker) {
+ auto ssl = create_ssl(ssl_ctx);
+ if (!ssl) {
+ return nullptr;
+ }
+
+ // Disable TLS session ticket if we don't have working ticket keys.
+ if (worker && !worker->get_ticket_keys()) {
+ SSL_set_options(ssl, SSL_OP_NO_TICKET);
+ }
+
+ return ssl;
+}
+
+SSL *create_client_ssl(SSL_CTX *ssl_ctx) { return create_ssl(ssl_ctx); }
 
 ClientHandler *accept_connection(Worker *worker, int fd, sockaddr *addr,
 int addrlen) {
@@ -728,7 +746,7 @@ ClientHandler *accept_connection(Worker *worker, int fd, sockaddr *addr,
 SSL *ssl = nullptr;
 auto ssl_ctx = worker->get_sv_ssl_ctx();
 if (ssl_ctx) {
- ssl = create_ssl(ssl_ctx);
+ ssl = create_server_ssl(ssl_ctx, worker);
 if (!ssl) {
 return nullptr;
 }
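Review bot: The replacement object built at `+ auto ssl = ssl::create_server_ssl(ssl_ctx, nullptr);` never receives the ticket-key check, because `create_server_ssl` (shrpx_ssl.cc hunk in this commit) only sets `SSL_OP_NO_TICKET` when `worker` is non-null, so a connection whose SSL object is recreated in tls_handshake keeps session tickets enabled even where `accept_connection` disabled them on the original object. If the connection can reach its Worker, pass it here instead of `nullptr`; if it cannot, carry the option over from the object being freed, e.g. `auto old_opts = SSL_get_options(tls.ssl);` before `SSL_free(tls.ssl);` and `SSL_set_options(ssl, old_opts & SSL_OP_NO_TICKET);` after the null check. Whether the SSL_CTX itself already carries SSL_OP_NO_TICKET in the no-ticket-keys configuration is not visible here; if it does, a comment next to the `nullptr` saying so would make the choice deliberate. Connection::tls_handshake starts and ends outside the hunk.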
diff --git a/src/shrpx_ssl.h b/src/shrpx_ssl.h
index 7fdbbd67..27565cd5 100644
--- a/src/shrpx_ssl.h
+++ b/src/shrpx_ssl.h
@@ -172,7 +172,8 @@ SSL_CTX *setup_client_ssl_context();
 // this function returns nullptr.
 CertLookupTree *create_cert_lookup_tree();
 
-SSL *create_ssl(SSL_CTX *ssl_ctx);
+SSL *create_server_ssl(SSL_CTX *ssl_ctx, Worker *worker);
+SSL *create_client_ssl(SSL_CTX *ssl_ctx);
 
 } // namespace ssl
 
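Review bot: The two new declarations `SSL *create_server_ssl(SSL_CTX *ssl_ctx, Worker *worker);` and `SSL *create_client_ssl(SSL_CTX *ssl_ctx);` carry no comment, while the neighbouring declarations in this header are documented (the context line `// this function returns nullptr.` is the tail of such a comment), and the fact that `worker` may be nullptr is not explained anywhere a caller will see it. Suggest above create_server_ssl: `// Creates server-side SSL object from ssl_ctx.  If worker is not nullptr and it has no working ticket keys, TLS session tickets are disabled on the returned object.  Returns nullptr on failure.` and above create_client_ssl: `// Creates client-side SSL object from ssl_ctx.  Returns nullptr on failure.`. The ticket behaviour described is taken from the definition in the shrpx_ssl.cc hunk of this commit.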