session ticket key rotation
sca at andreasschulze.de
Thu Jun 22 09:42:12 UTC 2017
B.R. via nginx:
> nginx configuration is parsed/analyzed by nginx master process by design.
> Moreover, TLS configuration is kept at this level if I recall well.
> Thus, the user your master process use needs to have the rights to access
> the specified file.
> To reload nginx configuration, you will indeed need to use SIGHUP, as nginx
> control documentation <https://nginx.org/en/docs/control.html> states.
>> Which process read these files? master or worker?
>> Must it be readable for root only or nginx-user?
OK, looks like master process only read the files.
I changes the mode 0400, ohwner root and at least got no failure after
send SIGUP nginx master process.
>> Must I signal nginx processes the rotation? If yes, how? via SIGHUP?
that's still my open question. which code will use the content of the files
referenced by https://nginx.org/r/ssl_session_ticket_key ?
More information about the nginx