[PATCH] SSL: respect session timeout in configs without session cache.

Maxim Dounin mdounin at mdounin.ru
Thu Oct 10 22:51:11 UTC 2013


Hello!

On Thu, Oct 10, 2013 at 01:17:14PM -0700, Piotr Sikora wrote:

> Hey Maxim,
> 
> > I don't see a real reason for the API change, and direct use of
> > SSL_CTX_set_timeout() in http/mail ssl modules.  What about this
> > instead:
> 
> While your patch fixes the issue, I personally don't like the fact
> that session timeout is being set within code block responsible for
> session cache logic because it simply doesn't belong there.

Huh?

The SSL_CTX_set_timeout is a function which is documented to 
"manipulate timeout values for session caching" [1], and it looks 
quite reasonable for me to be set in a block responsible for 
session cache logic.

I would rather think about TLS Session Tickets as a specific way 
to cache sessions.

[1] http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html

-- 
Maxim Dounin
http://nginx.org/en/donation.html



More information about the nginx-devel mailing list