Memcache SSL Session Cache
Dan Kubb
dan.kubb+nginx at gmail.com
Sun Jul 20 19:32:50 MSD 2008
I noticed in the ngx_http_ssl_module there's an option to perform SSL
session caching
using either OpenSSL's built-in cache, or a shared cache. While
OpenSSL's built-in
cache works with only a single worker, the shared cache can be used by
all the worker
processes.
I was wondering if there are any plans to make a Memcache SSL Session
cache that
could be used my all worker processes, between different servers in a
cluster?
Currently Apache's mod_ssl has a Memcache SSL cache, and it comes in
quite handy when
you are clustering multiple servers behind a load balancer. That's
because you don't
have to maintain any "SSL sticky" sessions where subsequent requests
are routed by the
LB to the same server after the initial handshake. Using Memcache any
server in the
cluster could handle the SSL session seamlessly so load can be more
evenly distributed
with less processing up-front by the LB.
Prior to mod_ssl adding a Memcache SSL cache, it actually had a
distributed session
cache system since 2004 called distcache. The main problem with that
approach was
that the distcache server still represented a single point of failure
unlike memcache
which can have the sessions cached across multiple servers. Of course
if the server
that has the session you want goes down the server still needs to re-
negotiate the SSL
connection, but at least you haven't lost all of the cached sessions.
--
Thanks,
Dan
More information about the nginx
mailing list