Session Ticket Rotation

Richard Fussenegger, BSc richard at fussenegger.info
Mon Oct 6 12:45:41 UTC 2014


On 9/22/2014 2:38 PM, Maxim Dounin wrote:
> Hello!
>
> On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote:
>
>> I'd like to implement built-in session ticket rotation. I know that this
>> was discussed before but it was never implemented. Right now a custom
>> external ticket key system is supported. Admins with single installations
>> and not enough knowledge about the topic are left with keys that are valid
>> for the complete lifetime nginx is running.
> That's not really true: ticket keys are regenerated on each
> configuration reload.
Maxim, just to clarify, will nginx really use a new key (either via 
OpenSSL or key files) upon *reload* or only on *restart*?

In other words, this should do, right? 
https://github.com/Fleshgrinder/nginx-sysvinit-script/blob/master/nginx#L116

Richard


