SSL session cache lifetime vs session ticket lifetime
kyprizel
kyprizel at gmail.com
Tue Mar 18 11:42:33 UTC 2014
What will be the best way to do it?
On Tue, Mar 18, 2014 at 3:33 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Tue, Mar 18, 2014 at 03:26:10PM +0400, kyprizel wrote:
>
> > Hi,
> > currently SSL session lifetime and SSL ticket lifetime are equal in
> nginx.
> >
> > If we use session tickets with big enough lifetime (12hrs), we get a lot
> of
> > error log messages while allocating new sessions in shared memory:
> >
> > 2014/03/18 13:36:08 [crit] 18730#0: ngx_slab_alloc() failed: no memory in
> > SSL session shared cache "SSL"
> >
> > We don't want to increase session cache size b/c working with it is a
> > blocking operation and I believe it doesn't work good enought in our
> > network scheme.
>
> Just a side note: I don't think that size matters from performance
> point of view. The only real downside is memory used.
>
> > As I can see - those messages are generated by ngx_slab_alloc_pages()
> even
> > if session was added to the cache after expiration of some old ones.
> >
> > So, what do you think if we add one more config parameter to split
> session
> > cache and session ticket lifetimes?
>
> May be better approach will be to just avoid such messages?
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140318/1c41cc7f/attachment.html>
More information about the nginx
mailing list