Session Ticket Rotation
Richard Fussenegger, BSc
richard at fussenegger.info
Mon Oct 6 12:45:41 UTC 2014
On 9/22/2014 2:38 PM, Maxim Dounin wrote:
> Hello!
>
> On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote:
>
>> I'd like to implement built-in session ticket rotation. I know that it this
>> was discussed before but it was never implemented. Right now a custom
>> external ticket key system is supported. Admins with single installations
>> and not enough knowledge about the topic are left with keys that are valid
>> for the complete lifetime nginx is running.
> That's not really true: ticket keys are regenerated on each
> configuration reload.
Maxim, just to clarify, will nginx really use a new key (either via
OpenSSL or key files) upon *reload* or only on *restart*?
In other words, this should do, right?
https://github.com/Fleshgrinder/nginx-sysvinit-script/blob/master/nginx#L116
Richard
More information about the nginx-devel
mailing list