Nginx + lua-nginx, get ssl_session_id

Yichun Zhang (agentzh) agentzh at gmail.com
Sat Nov 29 05:03:09 UTC 2014


Hello!

On Thu, Nov 27, 2014 at 12:07 AM, VladimirSmirnov wrote:
> P.S. As pointed by resty.session author, I've disabled ssl_session_ticket
> and now I'm receiving ssl_session_id even with TLS enabled. But I'm not sure
> that it's best way to deal with this problem.
>

No, you don't really want this. To quote my warning in my previous email:

"Well, this is just a hacky way to quickly test this thing. Do not use
SSLv3 exclusively in production! TLS session tickets are way more
effective (and cheaper) than SSL session IDs (if available)."

Disabling session tickets to force sessions IDs is a complete loss.
The session tickets are almost always preferred.

> P.S.S. I've used this mail-listing, because it's not Lua-related problem.
>

The openresty-en mailing list is not a Lua-specific list :)

Regards,
-agentzh



More information about the nginx mailing list