SSL session cache lifetime vs session ticket lifetime

WuBingzheng wubingzheng at 163.com
Thu Jul 10 08:18:33 UTC 2014


Hello,

>From http://tools.ietf.org/html/rfc5077#section-3.4, I think Session Tickets
and Session ID do not work for one connection at the same time. If the
client supports Tickets, then Session ID (or the session cache) will not
work.

Am I right? In my test, the 2 callbacks ngx_ssl_new_session() and
ngx_ssl_get_cached_session() are not called if ticket is used.

So if we assume that most browsers support Tickets now, the session cache
does not work at most time, why does the ngx_slab_alloc() fails in your
post?

If I am right, should I just disable session cache, and set tickets life
time big enough?
Maybe SSL_CTX_set_timeout() should be moved to the beginning of
ngx_ssl_session_cache() then.


Thanks
Wu



--
View this message in context: http://nginx.2469901.n2.nabble.com/SSL-session-cache-lifetime-vs-session-ticket-lifetime-tp7588963p7590693.html
Sent from the nginx mailing list archive at Nabble.com.



More information about the nginx mailing list