nginx and ephemeral Diffie-Hellman keys

Igor Sysoev
Sat Jun 14 01:06:33 MSD 2008

On Fri, Jun 13, 2008 at 10:53:29PM +0200, Jauder Ho wrote:

> Looking at the RFC text, if nginx sends TLS close notify, and does not 
> wait, does it reuse the session?

Yes, nginx allows sessions to be reused.
However, you should use a cache shared across workers:

> The other test case would be of premature close (if client closes 
> connection without sending alert), session must be abandoned and not 
> reused.

No, nginx nevertheless allows these sessions to be reused,
otherwise all MSIE connections will require an SSL handshake.

> Igor Sysoev wrote:
> > On Fri, Jun 13, 2008 at 01:55:21PM +0200, Jauder Ho wrote:
> > 
> >> On a separate note, in testing with 
> >>
> >> 
> >> It is noted that nginx only partially supports TLS closures. See section 
> >> 2.2 of
> > 
> > I do not know what they mean by partial support of TLS closures,
> > however, nginx sends a TLS close notify alert, but does not wait for it from
> > the client because many browsers, including MSIE, do not send this alert.

Igor Sysoev
