[nginx] SSL: raised limit for sessions stored in shared memory.

noreply at nginx.com
Wed Feb 26 13:41:02 UTC 2025


details:   https://github.com/nginx/nginx/commit/91245922027767c64e4e6661bf5e7623365c2328
branches:  master
commit:    91245922027767c64e4e6661bf5e7623365c2328
user:      Sergey Kandaurov <pluknet at nginx.com>
date:      Tue, 25 Feb 2025 19:50:44 +0400
description:
SSL: raised limit for sessions stored in shared memory.

Upstream SSL sessions may be of a noticeably larger size with tickets
in TLSv1.2 and older versions, or with "stateless" tickets in TLSv1.3,
if a client certificate is saved into the session.  Further, certain
stateless session resumption implementations may store additional data.

Such one is JDK, known to also include server certificates in session
ticket data, which roughly doubles a decoded session size to slightly
beyond the previous limit.  While it's believed to be an issue on the
JDK side, this change allows to save such sessions.

Another, innocent case is using RSA certificates with 8192 key size.

---
 src/event/ngx_event_openssl.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 25e023b01..b7aaaca75 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -142,7 +142,7 @@ struct ngx_ssl_connection_s {
 #define NGX_SSL_DFLT_BUILTIN_SCACHE  -5
 
 
-#define NGX_SSL_MAX_SESSION_SIZE  4096
+#define NGX_SSL_MAX_SESSION_SIZE  8192
 
 typedef struct ngx_ssl_sess_id_s  ngx_ssl_sess_id_t;
 
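Review bot: the new value on the `#define NGX_SSL_MAX_SESSION_SIZE  8192` line carries no comment saying what it has to accommodate, so the reasoning lives only in the commit message. A short comment above the define naming the cases from the description (a client certificate saved into the session, JDK tickets that also include server certificates, RSA certificates with 8192 key size) would tell a later reader why 4096 was insufficient and what to re-check before changing it again. The hunk does not show where the macro is used, so it is also worth confirming that every buffer and shared memory allocation sized by it tolerates the doubling, and that sessions larger than 8192 are still rejected rather than truncated.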

