Distributed SSL session cache
Maxim Dounin
mdounin at mdounin.ru
Sat Sep 14 19:06:40 UTC 2013
Hello!
On Sat, Sep 14, 2013 at 02:49:49PM +0400, kyprizel wrote:
> Hi,
> I'm thinking on design of patch for adding distributed SSL session cache
> and have a question -
> is it possible and ok to create keepalive upstream to some storage
> (memcached/redis/etc), then use it from
> ngx_ssl_new_session/ngx_ssl_get_cached_session ?
As far as I remember, OpenSSL doesn't provide a non-blocking
interface to session lookup (I've just did a quick look though
code, and it seems I remeber it right). This basically ruins the
the idea unless you are brave enough to implement needed
interfaces in OpenSSL.
I would rather focus on a support for SSL session tickets shared
between multiple servers.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list