TLS/SSL Cache Automatic Purge
B.R.
reallfqq-nginx at yahoo.fr
Mon Apr 11 20:15:24 UTC 2016
Hello,
@Maxim
Just to be perfectly clear: does that mean that session tickets are
supported for any version of nginx (including <v1.5.9), provided OpenSSL
0.9.8f is available?
So the directive would be kind of 'intercepting' TLS commands, a man in the
middle of client and OpenSSL?
@Arnaud
I guess the docs
<http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout>
have all your answers.
---
*B. R.*
On Mon, Apr 11, 2016 at 3:31 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Hello!
>
> On Mon, Apr 11, 2016 at 01:23:02PM +0200, B.R. wrote:
>
> [...]
>
> > On a side-note, by default nginx does not store session parameters as it
> > prefers tickets
> > <
> http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
> >,
> > supported since v1.5.9, over sessions ID.
>
> Session tickets supported as long as OpenSSL version used supports
> them, that is, with OpenSSL 0.9.8f or later.
>
> In nginx 1.5.9 the "ssl_session_tickets" directive was added,
> which makes it possible to disable session tickets when needed.
>
> --
> Maxim Dounin
> http://nginx.org/
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160411/37b19ecf/attachment.html>
More information about the nginx
mailing list