ssl session id and spdy/http2 traffic
Maxim Dounin
mdounin at mdounin.ru
Tue Jun 14 14:28:28 UTC 2016
Hello!
On Mon, Jun 13, 2016 at 03:00:16AM -0400, gitl wrote:
> I have noticed that the variables ssl_session_id and ssl_session_reused are
> always empty for http2 traffic (and for spdy before that). Under http 1.1
> they are set as expected and documented.
> What's the reason for this? Why not list the ID of the single connection
> that is used for the multiplexing?
> A big reason why I am logging both variables is to make sure that ssl
> connections are being reused for http2 and to be able to check if the ssl
> cache
> overruns. If the those two variables are not available, what do you suggest
> to use instead?
The $ssl_session_id and $ssl_session_reused variables are
available with HTTP/2 much like with normal HTTP. There are
couple of nuances though:
- $ssl_session_id is not available when using session tickets, at
least till a session is actually reused, see detailed
explanation at http://trac.nginx.org/nginx/ticket/927#comment:1;
- in HTTP/2 connections are usually kept open for a long time, and you
aren't likely to see actual SSL session reuse due to this - in most
cases you will see just another request in an already opened
connection.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list