[PATCH] Keepalive: add new option "keepalive_ssl_respect_sni"

geniuss99 geniuss.dev at gmail.com
Tue Mar 16 14:42:01 UTC 2021


Hi.

> SSL sessions are cached in the context of the upstream{} block (or an implicit upstream when using an IP address or a DNS name)
Oh, I didn't think of that. I guess this can be solved by patching the
ngx_http_upstream_round_robin module and saving many sessions per each
upstream peer.

> No, thank you. The issues as observed in the tickets linked should be resolved by using distinct upstream blocks instead.
So what was the reason you rejected the previous patch? Was it because
of breaking ssl sessions caching mechanism?
Or you just didn't see it fit for nginx from the design
(architectural) point of view?

Thanks.


More information about the nginx-devel mailing list