Distributed SSL session cache
kyprizel at gmail.com
Sun Sep 15 20:51:38 UTC 2013
SSL session tickets are not good enough b/c they don't support modern
cipher modes (like GCM) and they don't work with PFS.
Is it generally possible to implement session lookup in a non-blocking way in
If yes - is there any good example of OpenSSL's non-blocking callbacks?
P.S. As an alternative (and I don't like this idea) - we can distribute
sessions to nginx cache via custom-written module, something like it's done
On Sat, Sep 14, 2013 at 11:06 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> On Sat, Sep 14, 2013 at 02:49:49PM +0400, kyprizel wrote:
> > Hi,
> > I'm thinking about the design of a patch for adding a distributed SSL session cache
> > and have a question -
> > is it possible and ok to create keepalive upstream to some storage
> > (memcached/redis/etc), then use it from
> > ngx_ssl_new_session/ngx_ssl_get_cached_session ?
> As far as I remember, OpenSSL doesn't provide a non-blocking
> interface to session lookup (I just did a quick look through the
> code, and it seems I remember it right). This basically ruins
> the idea unless you are brave enough to implement the needed
> interfaces in OpenSSL.
> I would rather focus on a support for SSL session tickets shared
> between multiple servers.
> Maxim Dounin