SSL session cache lifetime vs session ticket lifetime
Maxim Dounin
mdounin at mdounin.ru
Tue Mar 18 11:33:11 UTC 2014
Hello!
On Tue, Mar 18, 2014 at 03:26:10PM +0400, kyprizel wrote:
> Hi,
> currently SSL session lifetime and SSL ticket lifetime are equal in nginx.
>
> If we use session tickets with big enough lifetime (12hrs), we get a lot of
> error log messages while allocating new sessions in shared memory:
>
> 2014/03/18 13:36:08 [crit] 18730#0: ngx_slab_alloc() failed: no memory in
> SSL session shared cache "SSL"
>
> We don't want to increase session cache size b/c working with it is a
> blocking operation and I believe it doesn't work good enought in our
> network scheme.
Just a side note: I don't think that size matters from performance
point of view. The only real downside is memory used.
> As I can see - those messages are generated by ngx_slab_alloc_pages() even
> if session was added to the cache after expiration of some old ones.
>
> So, what do you think if we add one more config parameter to split session
> cache and session ticket lifetimes?
May be better approach will be to just avoid such messages?
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list