Session Ticket Rotation

Maxim Dounin mdounin at mdounin.ru
Mon Oct 6 12:53:29 UTC 2014


Hello!

On Mon, Oct 06, 2014 at 02:45:41PM +0200, Richard Fussenegger, BSc wrote:

> On 9/22/2014 2:38 PM, Maxim Dounin wrote:
> >Hello!
> >
> >On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote:
> >
> >>I'd like to implement built-in session ticket rotation. I know that this
> >>was discussed before but it was never implemented. Right now a custom
> >>external ticket key system is supported. Admins with single installations
> >>and not enough knowledge about the topic are left with keys that are valid
> >>for the complete lifetime nginx is running.
> >That's not really true: ticket keys are regenerated on each
> >configuration reload.
> Maxim, just to clarify, will nginx really use a new key (either via OpenSSL
> or key files) upon *reload* or only on *restart*?
> 
> In other words, this should do, right?
> https://github.com/Fleshgrinder/nginx-sysvinit-script/blob/master/nginx#L116

Yes, configuration reload is enough.

-- 
Maxim Dounin
http://nginx.org/
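
A key-file rotation that relies on the reload behaviour confirmed above, as an added example that is not part of the original message or of nginx itself. The directory, the file names `current.key` and `previous.key`, and the two `ssl_session_ticket_key` lines in the comment are assumptions.

```shell
#!/bin/sh
# Added example: rotate nginx TLS session ticket key files, then reload.
# Assumed nginx configuration (paths are hypothetical, not from the thread):
#   ssl_session_ticket_key /etc/nginx/tickets/current.key;   # first key: encrypts and decrypts
#   ssl_session_ticket_key /etc/nginx/tickets/previous.key;  # later keys: decrypt only
set -eu

KEY_BYTES=48   # ticket key file size nginx accepts (AES-128 ticket encryption)

# new_key FILE: write KEY_BYTES random bytes to FILE, readable by the owner only.
new_key() {
    ( umask 077; head -c "$KEY_BYTES" /dev/urandom > "$1" )
}

# rotate_ticket_keys DIR: current.key becomes previous.key and a fresh key
# becomes current.key. Tickets issued under the old key stay decryptable for
# one more rotation period; after the next rotation that key is gone.
rotate_ticket_keys() {
    dir=$1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    tmp="$dir/.new.key.$$"
    new_key "$tmp"
    # Refuse to install a short key (for example after a failed read).
    [ "$(wc -c < "$tmp")" -eq "$KEY_BYTES" ] || { rm -f "$tmp"; return 1; }
    if [ -f "$dir/current.key" ]; then
        mv -f "$dir/current.key" "$dir/previous.key"
    else
        # First run: nginx will not load a missing key file, so seed previous.key too.
        new_key "$dir/previous.key"
    fi
    mv -f "$tmp" "$dir/current.key"   # rename is atomic within one filesystem
}

# Script mode (e.g. from cron): rotate, then reload so nginx reads the new files.
if [ "$#" -ge 1 ]; then
    rotate_ticket_keys "$1"
    nginx -t && nginx -s reload
fi
```

Run it with the key directory as its only argument on a schedule shorter than the window in which a leaked ticket key is acceptable; each key remains usable for decryption for two rotation periods.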


