SSL session caching

Maxim Dounin mdounin at mdounin.ru
Tue Jun 2 14:38:49 UTC 2015


Hello!

On Tue, Jun 02, 2015 at 10:29:31AM -0400, CJ Ess wrote:

> In my current setup I have nginx behind a load balancing router (OSPF)
> where each connection to the same address has about 16% chance of hitting
> the same server as the last time.
> 
> In a setup like that, does SSL session caching make any difference? I was
> thinking it through this morning and I'm betting that the browser would
> toss the old session ID unless it happened to be routed to the same
> backend, because in the other cases the backend servers would respond they
> don't know the session. Is that correct?

If a server doesn't know the session, it will simply create a new 
one.  There is no performance difference between "no session" and 
"an unknown session" cases.  That is, session cache is still 
beneficial in such a setup - but has relatively small chance to 
help.

In such a setup, it should also be beneficial to configure shared 
session ticket keys, see http://nginx.org/r/ssl_session_ticket_key.

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx mailing list