[PATCH] Add ssl_session_ticket option to enable / disable session tickets

Dirkjan Bussink d.bussink at gmail.com
Fri Jan 10 14:49:20 UTC 2014


On 09 Jan 2014, at 17:47, Maxim Dounin <mdounin at mdounin.ru> wrote:

> I tend to think "ssl_session_tickets" (note trailing "s") would be 
> a better name for the directive (and various names in the code 
> should be changed accordingly).
> 
> Additionally, something like "SSL: ssl_session_tickets directive." 
> should be a better summary line.

Alright, I can resubmit the patch with those changes.

> This description probably could be improved a bit, at least from 
> terminology point of view.  Session tickets are not something to 
> be reloaded, it's session ticket keys which should be replaced 
> regularly for better forward secrecy.  And there are at least two 
> ways to do so without restarting nginx - via binary upgrade 
> procedure, or by providing a ticket key file and doing a 
> configuration reload.
> 
> Otherwise looks good.

Yeah, mostly the issue is that with the default settings atm people often end up inadvertently with a setup that isn’t as good as they think it is. I’ll review the wording here and improve it by properly mentioning the ticket key.

I’ll also make sure to refer to the other techniques correctly then.

— 
Dirkjan
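
The rotation path mentioned in the quoted review (a ticket key file plus a configuration reload), shown as an added example that is not part of the original message or of the nginx patch. The directory, the file names and the function name `rotate_ticket_keys` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rotate nginx TLS session ticket keys that are kept in files.
# Assumed nginx configuration (paths are hypothetical):
#   ssl_session_ticket_key /etc/nginx/tickets/current.key;   # first key: encrypts new tickets
#   ssl_session_ticket_key /etc/nginx/tickets/previous.key;  # further keys: decrypt only
# 48 bytes is the key file size nginx accepts for AES-128 ticket keys.
KEY_BYTES=48

rotate_ticket_keys() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    old_umask=$(umask)
    umask 077                      # key files readable by the owner only
    tmp="$dir/.new.key.$$"

    # Fresh random key from the kernel CSPRNG; abort on a failed or short read.
    if ! head -c "$KEY_BYTES" /dev/urandom > "$tmp"; then
        rm -f "$tmp"; umask "$old_umask"; return 1
    fi
    size=$(wc -c < "$tmp" | tr -d ' ')
    if [ "$size" -ne "$KEY_BYTES" ]; then
        rm -f "$tmp"; umask "$old_umask"; return 1
    fi

    # The outgoing key stays available for decryption only, so tickets issued
    # before the rotation still resume. The key before that one is overwritten:
    # once it is gone, tickets encrypted under it can no longer be opened.
    if [ -f "$dir/current.key" ]; then
        cp -p "$dir/current.key" "$tmp.prev"
    else
        cp "$tmp" "$tmp.prev"      # first run: both configured files must exist
    fi
    mv -f "$tmp.prev" "$dir/previous.key"
    mv -f "$tmp" "$dir/current.key"   # rename, so nginx never reads a partial key
    umask "$old_umask"
}
```

nginx reads the key files only when it loads its configuration, so a rotation takes effect after `nginx -t && nginx -s reload`; how often to run it bounds how long a leaked key can decrypt recorded sessions.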




