[PATCH] SSL: respect session timeout in configs without session cache.
Maxim Dounin
mdounin at mdounin.ru
Thu Oct 10 22:51:11 UTC 2013
Hello!
On Thu, Oct 10, 2013 at 01:17:14PM -0700, Piotr Sikora wrote:
> Hey Maxim,
>
> > I don't see a real reason for the API change, and direct use of
> > SSL_CTX_set_timeout() in http/mail ssl modules. What about this
> > instead:
>
> While your patch fixes the issue, I personally don't like the fact
> that session timeout is being set within code block responsible for
> session cache logic because it simply doesn't belong there.
Huh?
The SSL_CTX_set_timeout is a function which is documented to
"manipulate timeout values for session caching" [1], and it looks
quite reasonable for me to be set in a block responsible for
session cache logic.
I would rather think about TLS Session Tickets as a specific way
to cache sessions.
[1] http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list