Session Ticket Rotation
Richard Fussenegger, BSc
richard at fussenegger.info
Mon Oct 6 12:45:41 UTC 2014
On 9/22/2014 2:38 PM, Maxim Dounin wrote:
> On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote:
>> I'd like to implement built-in session ticket rotation. I know that it this
>> was discussed before but it was never implemented. Right now a custom
>> external ticket key system is supported. Admins with single installations
>> and not enough knowledge about the topic are left with keys that are valid
>> for the complete lifetime nginx is running.
> That's not really true: ticket keys are regenerated on each
> configuration reload.
Maxim, just to clarify, will nginx really use a new key (either via
OpenSSL or key files) upon *reload* or only on *restart*?
In other words, this should do, right?
More information about the nginx-devel