Distributed SSL session cache

Maxim Dounin mdounin at mdounin.ru
Sat Sep 14 19:06:40 UTC 2013


On Sat, Sep 14, 2013 at 02:49:49PM +0400, kyprizel wrote:

> Hi,
> I'm thinking on design of patch for adding distributed SSL session cache
> and have a question -
> is it  possible and ok to create keepalive upstream to some storage
> (memcached/redis/etc), then use it from
> ngx_ssl_new_session/ngx_ssl_get_cached_session ?

As far as I remember, OpenSSL doesn't provide a non-blocking 
interface to session lookup (I've just did a quick look though 
code, and it seems I remeber it right).  This basically ruins the 
the idea unless you are brave enough to implement needed 
interfaces in OpenSSL.

I would rather focus on a support for SSL session tickets shared 
between multiple servers.

Maxim Dounin

More information about the nginx-devel mailing list