Session Ticket Rotation

Richard Fussenegger, BSc richard at fussenegger.info
Thu Oct 9 08:36:10 UTC 2014


Hello Maxim!

On 9/22/2014 2:38 PM, Maxim Dounin wrote:
> Hello!
>
> On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote:
>
> The main problem here is how to share keys between worker
> processes, to ensure different workers will be able to decrypt
> tickets.  So automatic rotation of ticket keys will likely require
> shared SSL session cache to be configured as well, and using a SSL
> session cache to store ticket keys.

Does this mean that a ticket key isn't shared among workers if one is 
using a single nginx instance with e.g. four workers? Or is the sharing 
of that ticket key handled by a single SSL_CTX in OpenSSL?

Richard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20141009/5a662c71/attachment.bin>


More information about the nginx-devel mailing list