nginx and ephemeral Diffie-Hellman keys
Igor Sysoev
is at rambler-co.ru
Sat Jun 14 08:12:11 MSD 2008
On Fri, Jun 13, 2008 at 11:24:04PM +0200, Jauder Ho wrote:
> Igor Sysoev wrote:
>
> >
> > Yes, nginx allows to reuse sessions.
> > However, you should use cache shared across workers:
> > http://wiki.codemongers.com/NginxHttpSslModule#ssl_session_cache
>
> Ah yes. I did not see that parameter previously. Enabled..
>
> >> The other test case would be of premature close (if client closes
> >> connection without sending alert), session must be abandoned and not
> >> reused.
> >
> > No, nginx nevertheless allows to reuse these sessions,
> > otherwise all MSIE connections will require SSL handshake.
>
> I have not looked closely at the code but do you differentiate between
> SSL and non SSL sessions? That could be one way of figuring which
> session to dump.
What you mean "SSL and non SSL sessions" ? There is no "non SSL sessions"
in SSL terms.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list