[PATCH] SSL: respect session timeout in configs without session cache.
Piotr Sikora
piotr at cloudflare.com
Thu Oct 10 23:49:15 UTC 2013

Hey Maxim,

> Huh?
>
> The SSL_CTX_set_timeout is a function which is documented to
> "manipulate timeout values for session caching" [1], and it looks
> quite reasonable for me to be set in a block responsible for
> session cache logic.
>
> I would rather think about TLS Session Tickets as a specific way
> to cache sessions.

Session cache (server-side) and Session Tickets (client-side) are two
different approaches to session resumption. Session timeout (at
least in OpenSSL) applies to both of them, but existing nginx code
(and your patch) calls SSL_CTX_set_timeout() within session cache
(server-side) code block, even though session timeout is used in
setups without session cache (server-side).

But if you disagree with my logic, then feel free to commit your
patch, you're the gatekeeper so I'm fine with that.

> [1] http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html

OpenSSL documentation is terrible and a lot of the time outdated, I
wouldn't be surprised if this was written before Session Tickets
support was added.

Best regards,
Piotr Sikora