Session Ticket Rotation
Richard Fussenegger, BSc
richard at fussenegger.info
Thu Oct 9 08:36:10 UTC 2014
On 9/22/2014 2:38 PM, Maxim Dounin wrote:
> On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote:
> The main problem here is how to share keys between worker
> processes, to ensure different workers will be able to decrypt
> tickets. So automatic rotation of ticket keys will likely require
> shared SSL session cache to be configured as well, and using a SSL
> session cache to store ticket keys.
Does this mean that a ticket key isn't shared among workers if one is
using a single nginx instance with e.g. four workers? Or is the sharing
of that ticket key handled by a single SSL_CTX in OpenSSL?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4237 bytes
Desc: S/MIME Cryptographic Signature
More information about the nginx-devel