ssl session id and spdy/http2 traffic

Maxim Dounin mdounin at mdounin.ru
Tue Jun 14 14:28:28 UTC 2016


Hello!

On Mon, Jun 13, 2016 at 03:00:16AM -0400, gitl wrote:

> I have noticed that the variables ssl_session_id and ssl_session_reused are
> always empty for http2 traffic (and for spdy before that). Under http 1.1
> they are set as expected and documented.
> What's the reason for this? Why not list the ID of the single connection
> that is used for the multiplexing?
> A big reason why I am logging both variables is to make sure that ssl
> connections are being reused for http2 and to be able to check if the ssl
> cache
> overruns. If the those two variables are not available, what do you suggest
> to use instead?

The $ssl_session_id and $ssl_session_reused variables are 
available with HTTP/2 much like with normal HTTP.  There are 
couple of nuances though:

- $ssl_session_id is not available when using session tickets, at 
  least till a session is actually reused, see detailed 
  explanation at http://trac.nginx.org/nginx/ticket/927#comment:1;

- in HTTP/2 connections are usually kept open for a long time, and you 
  aren't likely to see actual SSL session reuse due to this - in most 
  cases you will see just another request in an already opened 
  connection.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list