Distributed SSL session cache

kyprizel kyprizel at gmail.com
Sat Sep 28 17:53:23 UTC 2013


Piotr, thanks for the share! Will your patch be accepted to the main tree
or I've a chance? ;)

My patch was designed not to use multiple keyfiles and keynames in nginx
config so it's able to rotate keys with simple logic, only updating keyfile.



On Sat, Sep 28, 2013 at 2:03 PM, Piotr Sikora <piotr at cloudflare.com> wrote:

> Hi,
>
> > Ok, made some kind of patch, testing it now:
> > https://github.com/kyprizel/nginx_ssl_ticket_keys
> >
> > Not sure about server behaviour in case of invalid key file - should it
> be
> > emergency or alert only.
>
> I've just pushed code that's been sitting in my tree for the last few
> months:
> http://mailman.nginx.org/pipermail/nginx-devel/2013-September/004290.html
>
> It's rather thoroughly tested, but it handles key rollover in
> different fashion than your code (multiple files with a single session
> key each vs single file with multiple session keys).
>
> Hopefully, it will be helpful.
>
> Best regards,
> Piotr Sikora
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20130928/2008b076/attachment.html>


More information about the nginx-devel mailing list