TLS/SSL Cache Automatic Purge

Arnaud Van der Vorst sbxara at
Tue Apr 12 06:30:23 UTC 2016




Not really…

The only information for ssl_session_timeout is “Specifies a time during which a client may reuse the session parameters stored in a cache.” It does not say anything about purging the TLS/SSL Cache, which is my concern here.

I have read that invalidating a TLS/SSL Session and purging the TLS/SSL Cache are two separate things.




From: nginx [mailto:nginx-bounces at] On Behalf Of B.R.
Sent: Monday, 11 April 2016 22:15
To: nginx ML <nginx at>
Subject: Re: TLS/SSL Cache Automatic Purge




Just to be perfectly clear: does that mean that session tickets are supported for any version of nginx (including <v1.5.9), provided OpenSSL 0.9.8f is available?

So the directive would be kind of 'intercepting' TLS commands, a man in the middle of client and OpenSSL?


I guess the docs have all your answers.

B. R.


On Mon, Apr 11, 2016 at 3:31 PM, Maxim Dounin <mdounin at> wrote:


On Mon, Apr 11, 2016 at 01:23:02PM +0200, B.R. wrote:


> On a side-note, by default nginx does not store session parameters as it
> prefers tickets,
> supported since v1.5.9, over sessions ID.

Session tickets are supported as long as the OpenSSL version used supports
them, that is, with OpenSSL 0.9.8f or later.

In nginx 1.5.9 the "ssl_session_tickets" directive was added,
which makes it possible to disable session tickets when needed.

Maxim Dounin
