[PATCH] Documented automatic rotation of TLS session ticket keys
Yaroslav Zhuravlev
yar at nginx.com
Thu Oct 13 18:41:25 UTC 2022
> On 4 Oct 2022, at 15:22, Sergey Kandaurov <pluknet at nginx.com> wrote:
>
>>
>> On 4 Oct 2022, at 00:17, Yaroslav Zhuravlev <yar at nginx.com> wrote:
>>
>> xml/en/docs/http/ngx_http_ssl_module.xml | 5 ++++-
>> xml/ru/docs/http/ngx_http_ssl_module.xml | 5 ++++-
>> 2 files changed, 8 insertions(+), 2 deletions(-)
>>
>>
>> # HG changeset patch
>> # User Yaroslav Zhuravlev <yar at nginx.com>
>> # Date 1664828002 -3600
>> # Mon Oct 03 21:13:22 2022 +0100
>> # Node ID 547c4be44f0db08923b7dd33bca262d009219a3a
>> # Parent 9708787aafc70744296baceb2aa0092401a4ef34
>> Documented automatic rotation of TLS session ticket keys.
>>
>> diff --git a/xml/en/docs/http/ngx_http_ssl_module.xml b/xml/en/docs/http/ngx_http_ssl_module.xml
>> --- a/xml/en/docs/http/ngx_http_ssl_module.xml
>> +++ b/xml/en/docs/http/ngx_http_ssl_module.xml
>> @@ -10,7 +10,7 @@
>> <module name="Module ngx_http_ssl_module"
>> link="/en/docs/http/ngx_http_ssl_module.html"
>> lang="en"
>> - rev="58">
>> + rev="59">
>>
>> <section id="summary">
>>
>> @@ -690,6 +690,9 @@
>> about 4000 sessions.
>> Each shared cache should have an arbitrary name.
>> A cache with the same name can be used in several virtual servers.
>> +In shared cache,
>
> This part looks redundant, as it's already dedicated to shared cache.
>
>> +TLS session ticket keys
>> +are automatically generated, stored, and periodically rotated.
>
> - missed <appeared-in>
> - need to clarify relationship with ssl_session_ticket_key, e.g.:
>
> Additionally, TLS session ticket keys
> are automatically generated, stored, and periodically rotated
> unless explicitly configured using the
> <link id="ssl_session_ticket_key"/> directive (1.23.2).
>
> [..]
Thank you, the patch has been updated:
# HG changeset patch
# User Yaroslav Zhuravlev <yar at nginx.com>
# Date 1665685813 -3600
# Thu Oct 13 19:30:13 2022 +0100
# Node ID 6dfa05c1a12ac43bdc89fa999509a5dcc879db4d
# Parent 3cd9ec612c4a982ca1b74a7f5adc24bc69025483
Documented automatic rotation of TLS session ticket keys.
diff --git a/xml/en/docs/http/ngx_http_ssl_module.xml b/xml/en/docs/http/ngx_http_ssl_module.xml
--- a/xml/en/docs/http/ngx_http_ssl_module.xml
+++ b/xml/en/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
<module name="Module ngx_http_ssl_module"
link="/en/docs/http/ngx_http_ssl_module.html"
lang="en"
- rev="58">
+ rev="59">
<section id="summary">
@@ -690,6 +690,10 @@
about 4000 sessions.
Each shared cache should have an arbitrary name.
A cache with the same name can be used in several virtual servers.
+It is also used to automatically generate, store, and
+periodically rotate TLS session ticket keys (1.23.2)
+unless configured explicitly
+using the <link id="ssl_session_ticket_key"/> directive.
</tag-desc>
</list>
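Review bot: The added sentence in the shared cache description says the keys are rotated "periodically" but gives no interval, so a reader deciding whether to keep ssl_session_ticket_key for key-lifetime reasons cannot tell how long an automatically generated key stays in use; if the period follows an existing setting, name it here. In the same sentence, "It is also used" directly follows "A cache with the same name can be used in several virtual servers", so "It" reads as that same-named cache; "The shared cache is also used" would be unambiguous, and "unless configured explicitly" would be clearer as "unless the keys are configured explicitly".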
diff --git a/xml/ru/docs/http/ngx_http_ssl_module.xml b/xml/ru/docs/http/ngx_http_ssl_module.xml
--- a/xml/ru/docs/http/ngx_http_ssl_module.xml
+++ b/xml/ru/docs/http/ngx_http_ssl_module.xml
@@ -10,7 +10,7 @@
<module name="Модуль ngx_http_ssl_module"
link="/ru/docs/http/ngx_http_ssl_module.html"
lang="ru"
- rev="58">
+ rev="59">
<section id="summary">
@@ -696,6 +696,10 @@
У каждого разделяемого кэша должно быть произвольное название.
Кэш с одинаковым названием может использоваться в нескольких
виртуальных серверах.
+Также он используется для автоматического создания, хранения и
+периодического обновления ключей TLS session tickets (1.23.2),
+если они не указаны явно
+с помощью директивы <link id="ssl_session_ticket_key"/>.
</tag-desc>
</list>
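Review bot: The new sentence ending in <link id="ssl_session_ticket_key"/> sends readers to that directive, but neither language file in this patch changes the ssl_session_ticket_key description itself, so someone reading only that entry will not learn that leaving it out with a shared cache now means automatically generated and rotated keys (1.23.2). Consider adding a matching sentence there with a link back to ssl_session_cache, in both the en and ru files, and keep the ru wording in step with any rewording of the en sentence.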
>
> --
> Sergey Kandaurov
>