[PATCH] SSL: added support for TLS Session Tickets (RFC5077).
Maxim Dounin
mdounin at mdounin.ru
Thu Oct 3 15:17:24 UTC 2013
Hello!
On Wed, Oct 02, 2013 at 01:47:10AM -0700, Piotr Sikora wrote:
[...]
> > But actually I doubt we at all need an explicit mark for default
> > key. Just using first one for encryption would probably be good
> > enough.
>
> I tend to think that being overly explicit isn't always a bad thing.
> In this particular case, users would need to know that the first key
> on the list is "active/default" while the rest of them is just old
> keys, which is an implementation detail and might not be obvious to
> everybody.
While being explicit is a good thing, this will require (lots of)
custom code in a configuration parsing and subsequent handling.
On the other hand, ngx_conf_set_str_array_slot() should be enough
otherwise.
I don't think the explicitness here deserves custom code it
requires. YMMV.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list