[PATCH] SSL: respect session timeout in configs without session cache.

Maxim Dounin mdounin at mdounin.ru
Thu Oct 10 22:51:11 UTC 2013


On Thu, Oct 10, 2013 at 01:17:14PM -0700, Piotr Sikora wrote:

> Hey Maxim,
> > I don't see a real reason for the API change, and direct use of
> > SSL_CTX_set_timeout() in http/mail ssl modules.  What about this
> > instead:
> While your patch fixes the issue, I personally don't like the fact
> that session timeout is being set within code block responsible for
> session cache logic because it simply doesn't belong there.


The SSL_CTX_set_timeout is a function which is documented to 
"manipulate timeout values for session caching" [1], and it looks 
quite reasonable for me to be set in a block responsible for 
session cache logic.

I would rather think about TLS Session Tickets as a specific way 
to cache sessions.

[1] http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html

Maxim Dounin

More information about the nginx-devel mailing list