nginx and ephemeral Diffie-Hellman keys

Igor Sysoev is at rambler-co.ru
Sat Jun 14 08:12:11 MSD 2008


On Fri, Jun 13, 2008 at 11:24:04PM +0200, Jauder Ho wrote:

> Igor Sysoev wrote:
> 
> > 
> > Yes, nginx allows sessions to be reused.
> > However, you should use a cache shared across workers:
> > http://wiki.codemongers.com/NginxHttpSslModule#ssl_session_cache
> 
> Ah yes. I did not see that parameter previously. Enabled..
> 
> >> The other test case would be of premature close (if client closes 
> >> connection without sending alert), session must be abandoned and not 
> >> reused.
> > 
> > No, nginx nevertheless allows these sessions to be reused;
> > otherwise all MSIE connections will require an SSL handshake.
> 
> I have not looked closely at the code but do you differentiate between 
> SSL and non SSL sessions? That could be one way of figuring which 
> session to dump.

What do you mean by "SSL and non SSL sessions"? There are no "non SSL sessions"
in SSL terms.


-- 
Igor Sysoev
http://sysoev.ru/en/
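
The shared session cache recommended in the thread, as an added configuration example that is not part of the original message. The cache name, size, timeout, server name and certificate paths are placeholder assumptions, and the listen line uses the current "listen ... ssl" syntax.

```nginx
# Added example: session reuse across several worker processes.
worker_processes 4;

events {}

http {
    # Per-worker cache: a session stored by one worker is unknown to the
    # other three, so a client that reconnects and is accepted by a
    # different worker has to do a full handshake again.
    # ssl_session_cache builtin:1000;

    # Cache in shared memory, visible to all workers. "SSL" is an arbitrary
    # zone name (assumption); the nginx documentation gives roughly 4000
    # sessions per megabyte.
    ssl_session_cache   shared:SSL:10m;

    # How long a client may reuse cached session parameters. A shorter
    # value narrows the window in which a cached session stays usable,
    # a longer one saves more full handshakes.
    ssl_session_timeout 10m;

    server {
        listen              443 ssl;
        server_name         example.com;                 # placeholder
        ssl_certificate     /etc/nginx/tls/example.crt;  # placeholder path
        ssl_certificate_key /etc/nginx/tls/example.key;  # placeholder path
    }
}
```

Reuse can be checked from a client with "openssl s_client -connect host:443 -reconnect", which reports each reconnection as "New" or "Reused".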