TLS session resumption (identifier)
B.R.
reallfqq-nginx at yahoo.fr
Fri Mar 4 10:30:32 UTC 2016
On Fri, Mar 4, 2016 at 11:19 AM, Igor Sysoev <igor at sysoev.ru> wrote:
> Sorry, I meant there is no performance difference between “none” and “off”
> settings.
>
Well, the client believes he should remember every session ID and store it
somewhere for nothing, reading/resending/writing it on every connection.
Small enough network traffic difference, though (the extra, useless ID in
the ClientHello message could be considered harmless, even though those
extra bytes appear on each TLS session establishement).
As to default value, builtin session cache was by default initially but it
> turned out that
> it leads to memory fragmentation. So the default value has been changed to
> “off” and
> later to “none”.
>
> Of course shared cache is certainly better as default value but there is
> no good understanding
> what default cache size should be used. And now it becomes less important
> with ticket introduction.
>
Total agreement there: I was not pushing for a default activating a cache,
but rather for the clean 'off' setting.
---
*B. R.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160304/96c687f2/attachment.html>
More information about the nginx
mailing list