TLS/SSL Cache Automatic Purge
Lukas Tribus
luky-37 at hotmail.com
Tue Apr 12 09:23:15 UTC 2016
Hi,
> Just to be perfectly clear: does that mean that session tickets are
> supported for any version of nginx (including <v1.5.9), provided
> OpenSSL 0.9.8f is available?
Yes.
> So the directive would be kind of 'intercepting' TLS commands, a man in
> the middle of client and OpenSSL?
No, the feature [1] sets SSL_OP_NO_TICKET [2], which instructs OpenSSL
to NOT use TLS tickets. By default, OpenSSL uses tickets.
> The only information for ssl_session_timeout is “Specifies a time during
> which a client may reuse the session parameters stored in a cache.”
> It does not say anything about purging the TLS/SSL Cache which is my
> concern here.
I don't think the sessions are purged, it's probably an LRU.
Lukas
[1] http://hg.nginx.org/nginx/rev/d049b0ea00a3
[2] https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html