Distributed SSL session cache

Piotr Sikora piotr at cloudflare.com
Sat Sep 28 18:14:20 UTC 2013


Hi,

> My patch was designed not to use multiple keyfiles and keynames in nginx
> config so it's able to rotate keys with simple logic, only updating keyfile.

IMHO, that makes the key rollover much harder than it should be, that
is: you need to regenerate keyfile with number of older keys + new one
vs just add new key (and optionally remove some of the old ones).

Best regards,
Piotr Sikora



More information about the nginx-devel mailing list