SSL session resumption. SSL Labs test.

António P. P. Almeida appa at perusio.net
Mon Nov 22 01:43:42 MSK 2010


I've run a test through the tool available here:

https://www.ssllabs.com/ssldb/index.html

And I get a result stating: 

Session resumption	No (IDs assigned but not accepted)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I also ran gnutls-cli and got:

Checking for Safe renegotiation support... yes
Checking for Safe renegotiation support (SCSV)... yes
Checking for TLS 1.2 support... no
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... TLS 1.0
Checking for TLS 1.0 support... yes
Checking for SSL 3.0 support... yes
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... no
Checking for version rollback bug in Client Hello... no
Checking whether we need to disable TLS 1.0... N/A
Checking whether the server ignores the RSA PMS version... no
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
Checking whether the server can accept a bogus TLS record version in the client hello... no
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... partially
Checking whether the server supports session resumption... no
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It's strange, since I have the shared cache enabled:

    ## Use a SSL/TLS cache for SSL session resume.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

Isn't this enough? Can someone more knowledgeable than I in SSL/TLS
stuff and Nginx shed some light on this issue? Should I ignore this
result?

Thank you,
--- appa




