Does nginx support SSL resumption?

Michael Shadle mike503 at gmail.com
Sat May 30 21:27:06 MSD 2009


2009/5/30 Igor Sysoev <is at rambler-co.ru>:

> Yes. However, built-in OpenSSL session cache leads to memory fragmentation,
> see http://marc.info/?t=120127289900027

Is this an OpenSSL bug? I think there's an OpenSSL bug I am hitting as
well with Firefox 3.x (even using the ssl_protocols workaround) - if
this is a bug in OpenSSL I'd like to go yell at them for both... :)

> Also I do think that shared SSL session cache should be enabled by default.

I agree.

> BTW, http://wiki.nginx.org/NginxHttpSslModule is outdated:
> ssl_session_cache has yet two parameters "off" and "none" (default one):
>
> "off" is hard off: nginx says explicitly to a client that sessions can not
> be reused.
>
> "none" is soft off: nginx says to a client that session can be reused, but
> nginx actually never reuses them. This is a workaround for some mail clients
> as ssl_session_cache may be used in mail proxy as well as in HTTP server.

I've updated the wiki with this information.
http://wiki.nginx.org/NginxHttpSslModule#ssl_session_cache

Does it still accept two parameters as shown in the example on the
wiki? I want to make sure that is still legitimate. I assume that
means it will use the first cache and fall back to the second if it is
full or something?

Please verify my changes are correct. I don't want to be putting up
incorrect information :)




