Set ssl_session_tickets each virtual host is unable?

malloc813 nginx-forum at forum.nginx.org
Fri Jan 13 00:30:23 UTC 2017


Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
> 
> On Thu, Jan 12, 2017 at 11:57:58AM -0500, malloc813 wrote:
> 
> > Hi, I tested nginx configuration and got one problem.
> > For example, I made 2 virtual hosts. They are SSL enabled server.
> > 
> > http
> > {
> > #host1
> > server
> > {
> >     ...
> >     ssl_sesstion_tickets off;
> >     ...
> > }
> > 
> > #host2
> > {
> >     ...
> >     ssl_session_tickets on;
> >     ...
> > }
> > 
> > }
> > 
> > Visit host1 after apply this configuration, chrome shows an error
> > ERR_SSL_PROTOCOL_ERROR
> 
> Works fine here.  The ERR_SSL_PROTOCOL_ERROR is likely caused by 
> other problems in the configuration.  First of all try "nginx -t" 
> to see if there are obvious errors in your config.
> 

I saw similar case like this:
https://community.letsencrypt.org/t/errors-from-browsers-with-ssl-session-tickets-off-nginx/18124
I will test this problem with other system.

> > Is it impossible to set ssl_session_tickets differently each 
> virtual host?
> 
> No.
> 
> Session resumption happens in the context of the default server, 
> and it is not possible to have different session cache / session 
> tickets settings in virtual hosts.  In the above configuration 
> session tickets will be off for both servers (assuming they are 
> listening on the same ip/port and the first one is the default).
> 

That means, if I set ssl_session_cache and ssl_session_timeout both of
default server and virtual host, nginx dismiss virtual host's configuration
and use default server's configuration too?

> -- 
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271971,271976#msg-271976



More information about the nginx mailing list