[PATCH] SSL: added support for TLS Session Tickets (RFC5077).

Maxim Dounin mdounin at mdounin.ru
Thu Oct 3 15:17:24 UTC 2013


On Wed, Oct 02, 2013 at 01:47:10AM -0700, Piotr Sikora wrote:


> > But actually I doubt we at all need an explicit mark for default
> > key.  Just using first one for encryption would probably be good
> > enough.
> I tend to think that being overly explicit isn't always a bad thing.
> In this particular case, users would need to know that the first key
> on the list is "active/default" while the rest of them is just old
> keys, which is an implementation detail and might not be obvious to
> everybody.

While being explicit is a good thing, this will require (lots of) 
custom code in a configuration parsing and subsequent handling.  
On the other hand, ngx_conf_set_str_array_slot() should be enough 

I don't think the explicitness here deserves custom code it 
requires.  YMMV. 

Maxim Dounin

More information about the nginx-devel mailing list