SSL session cache lifetime vs session ticket lifetime
kyprizel
kyprizel at gmail.com
Tue Mar 18 11:26:10 UTC 2014
Hi,
currently SSL session lifetime and SSL ticket lifetime are equal in nginx.
If we use session tickets with big enough lifetime (12hrs), we get a lot of
error log messages while allocating new sessions in shared memory:
2014/03/18 13:36:08 [crit] 18730#0: ngx_slab_alloc() failed: no memory in
SSL session shared cache "SSL"
We don't want to increase session cache size b/c working with it is a
blocking operation and I believe it doesn't work good enought in our
network scheme.
As I can see - those messages are generated by ngx_slab_alloc_pages() even
if session was added to the cache after expiration of some old ones.
So, what do you think if we add one more config parameter to split session
cache and session ticket lifetimes?
Thanks.
Regards,
kyprizel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140318/6689a462/attachment.html>
More information about the nginx
mailing list