Memcache SSL Session Cache

Dan Kubb dan.kubb+nginx at gmail.com
Sun Jul 20 19:32:50 MSD 2008


I noticed in the ngx_http_ssl_module there's an option to perform SSL session caching using either OpenSSL's built-in cache, or a shared cache.  While OpenSSL's built-in cache works with only a single worker, the shared cache can be used by all the worker processes.

I was wondering if there are any plans to make a Memcache SSL Session cache that could be used by all worker processes, between different servers in a cluster?

Currently Apache's mod_ssl has a Memcache SSL cache, and it comes in quite handy when you are clustering multiple servers behind a load balancer.  That's because you don't have to maintain any "SSL sticky" sessions where subsequent requests are routed by the LB to the same server after the initial handshake.  Using Memcache any server in the cluster could handle the SSL session seamlessly so load can be more evenly distributed with less processing up-front by the LB.

Prior to mod_ssl adding a Memcache SSL cache, it actually had a distributed session cache system since 2004 called distcache.  The main problem with that approach was that the distcache server still represented a single point of failure unlike memcache which can have the sessions cached across multiple servers.  Of course if the server that has the session you want goes down the server still needs to re-negotiate the SSL connection, but at least you haven't lost all of the cached sessions.

-- 

Thanks,

Dan
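
An added example, not part of the original post and not nginx or mod_ssl code: a small simulation of the session-resumption behaviour the message describes, comparing per-server caches behind a non-sticky load balancer with a cache spread over several nodes, including the loss of one node. The function names, the hash-mod placement of sessions on nodes, and the random workload are assumptions made for the illustration.

```python
import hashlib
import random


def node_for(session_id: bytes, nodes: int) -> int:
    """Pick the cache node for a session ID (hash-mod placement, assumed)."""
    digest = hashlib.sha256(session_id).digest()
    return int.from_bytes(digest[:8], "big") % nodes


def resumption_rate(backends, cache_nodes, shared, failed_node=None,
                    clients=5000, seed=1):
    """Fraction of reconnecting clients whose SSL session is found in a cache.

    Every client completes a full handshake on one backend, then reconnects
    and is routed to a random backend (no "SSL sticky" routing at the LB).
    shared=False: each backend only sees its own per-server cache.
    shared=True:  all backends store sessions in `cache_nodes` remote nodes.
    failed_node:  index of a remote node lost between the two connections.
    """
    rng = random.Random(seed)  # constructed, deterministic workload
    local = [set() for _ in range(backends)]
    remote = [set() for _ in range(cache_nodes)]
    session_ids = []

    for _ in range(clients):  # first connection: full handshake, store session
        sid = rng.getrandbits(256).to_bytes(32, "big")
        session_ids.append(sid)
        if shared:
            remote[node_for(sid, cache_nodes)].add(sid)
        else:
            local[rng.randrange(backends)].add(sid)

    if failed_node is not None:
        remote[failed_node].clear()  # cached sessions on that node are gone

    hits = 0
    for sid in session_ids:  # second connection: try to resume
        if shared:
            hits += sid in remote[node_for(sid, cache_nodes)]
        else:
            hits += sid in local[rng.randrange(backends)]
    return hits / clients


if __name__ == "__main__":
    print("per-server caches, 4 backends:", resumption_rate(4, 1, shared=False))
    print("shared cache, 4 nodes:        ", resumption_rate(4, 4, shared=True))
    print("shared, single node fails:    ", resumption_rate(4, 1, True, failed_node=0))
    print("shared, 1 of 4 nodes fails:   ", resumption_rate(4, 4, True, failed_node=0))
```

Every miss in this model is a client that has to go through a full handshake again instead of resuming.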




