proper setup for forward secrecy
Maxim Dounin
mdounin at mdounin.ru
Wed Sep 19 13:49:48 UTC 2012
Hello!
On Tue, Sep 18, 2012 at 04:34:30AM -0400, eiji-gravion wrote:
> Still curious about this, it would be nice to have a way to rotate these
> keys without having to restart the server.
Looking through OpenSSL code suggests keys are generated on SSL_CTX
creation (at least as of OpenSSL 1.0.1c, see SSL_CTX_new() in
ssl/ssl_lib.c), that is, they are rotated by nginx configuration
reload.
Maxim Dounin