TLS/SSL Cache Automatic Purge
Arnaud Van der Vorst
sbxara at icloud.com
Tue Apr 12 06:30:23 UTC 2016
The only information for ssl_session_timout is “Specifies a time during which a client may reuse the session parameters stored in a cache.” It does not say anything about purging the TLS/SSL Cache which is my concern here.
I have read that invalidating a TLS/SSL Session and purging the TLS/SSL Cache are two separate things.
From: nginx [mailto:nginx-bounces at nginx.org] On Behalf Of B.R.
Sent: lundi 11 avril 2016 22:15
To: nginx ML <nginx at nginx.org>
Subject: Re: TLS/SSL Cache Automatic Purge
Just to be perfectly clear: does that mean that session tickets are supported for any version of nginx (including <v1.5.9), provided OpenSSL 0.9.8f is available?
So the directive would be kind of 'intercepting' TLS commands, a man in the middle of client and OpenSSL?
I guess the docs <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout> have all your answers.
On Mon, Apr 11, 2016 at 3:31 PM, Maxim Dounin <mdounin at mdounin.ru <mailto:mdounin at mdounin.ru> > wrote:
On Mon, Apr 11, 2016 at 01:23:02PM +0200, B.R. wrote:
> On a side-note, by default nginx does not store session parameters as it
> prefers tickets
> supported since v1.5.9, over sessions ID.
Session tickets supported as long as OpenSSL version used supports
them, that is, with OpenSSL 0.9.8f or later.
In nginx 1.5.9 the "ssl_session_tickets" directive was added,
which makes it possible to disable session tickets when needed.
nginx mailing list
nginx at nginx.org <mailto:nginx at nginx.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx