TLS/SSL Cache Automatic Purge

Lukas Tribus luky-37 at
Tue Apr 12 09:23:15 UTC 2016


> Just to be perfectly clear: does that mean that session tickets are 
> supported for any version of nginx (including <v1.5.9), provided 
> OpenSSL 0.9.8f is available?


> So the directive would be kind of 'intercepting' TLS commands, a man in 
> the middle of client and OpenSSL?

No, the feature [1] sets SSL_OP_NO_TICKET [2], which instructs OpenSSL
to NOT use TLS tickets. By default, OpenSSL uses tickets.

> The only information for ssl_session_timout is “Specifies a time during
> which a client may reuse the session parameters stored in a cache.”
> It does not say anything about purging the TLS/SSL Cache which is my
> concern here.

I don't think the sessions are purged, its probably an LRU.




More information about the nginx mailing list