SSL session resumption. SSL Labs test.

António P. P. Almeida appa at perusio.net
Mon Nov 22 04:09:51 MSK 2010


On 21 Nov 2010 22h55 WET, me at luitvd.net wrote:

> On Sun, Nov 21, 2010 at 11:43 PM, António P. P. Almeida
> <appa at perusio.net> wrote:
>> ...
>> Isn't this enough? Can someone more knowledgeable than I in SSL/TLS
>> stuff and Nginx shed some light on this issue? Should I ignore this
>> result?
>
> The case might be that Qualys SSL Labs checks all this against the
> IP address it resolves from the domain you give them. Apply those
> SSL settings to the default server to make this all work there.

You're right I tried with GnuTLS against my localhost that has a
"regular" default_server and it works:

Checking whether the server understands TLS closure alerts... partially
Checking whether the server supports session resumption... yes
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Also in this server there's no setting in the config for
ssl_session_cache. Its using the default value: none.

This means that the problem resides in the way the test is performed?
Can you elaborate a little bit more? 

Thank you,
--- appa




More information about the nginx mailing list