[PATCH] SSL: added support for TLS Session Tickets (RFC5077).

Maxim Dounin mdounin at mdounin.ru
Thu Oct 3 15:17:24 UTC 2013


Hello!

On Wed, Oct 02, 2013 at 01:47:10AM -0700, Piotr Sikora wrote:

[...]

> > But actually I doubt we at all need an explicit mark for default
> > key.  Just using first one for encryption would probably be good
> > enough.
> 
> I tend to think that being overly explicit isn't always a bad thing.
> In this particular case, users would need to know that the first key
> on the list is "active/default" while the rest of them is just old
> keys, which is an implementation detail and might not be obvious to
> everybody.

While being explicit is a good thing, this will require (lots of) 
custom code in a configuration parsing and subsequent handling.  
On the other hand, ngx_conf_set_str_array_slot() should be enough 
otherwise.

I don't think the explicitness here deserves custom code it 
requires.  YMMV. 

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list