nginx and ephemeral Diffie-Hellman keys
is at rambler-co.ru
Sat Jun 14 08:12:11 MSD 2008
On Fri, Jun 13, 2008 at 11:24:04PM +0200, Jauder Ho wrote:
> Igor Sysoev wrote:
> > Yes, nginx allows to reuse sessions.
> > However, you should use cache shared across workers:
> > http://wiki.codemongers.com/NginxHttpSslModule#ssl_session_cache
> Ah yes. I did not see that parameter previously. Enabled..
> >> The other test case would be of premature close (if client closes
> >> connection without sending alert), session must be abandoned and not
> >> reused.
> > No, nginx nevertheless allows to reuse these sessions,
> > otherwise all MSIE connections will require SSL handshake.
> I have not looked closely at the code but do you differentiate between
> SSL and non SSL sessions? That could be one way of figuring which
> session to dump.
What you mean "SSL and non SSL sessions" ? There is no "non SSL sessions"
in SSL terms.
More information about the nginx