TLS session resumption (identifier)

Igor Sysoev igor at
Fri Mar 4 10:38:53 UTC 2016

On 04 Mar 2016, at 13:30, B.R. <reallfqq-nginx at> wrote:

> On Fri, Mar 4, 2016 at 11:19 AM, Igor Sysoev <igor at> wrote:
> Sorry, I meant there is no performance difference between “none” and “off” settings.
> ​Well, the client believes he should remember every session ID and store it somewhere for nothing, reading/resending/writing it on every connection.
> Small enough network traffic difference, though (the extra, useless ID in the ClientHello message could be considered harmless, even though those extra bytes appear on each TLS session establishment).

I believe this is negligible degradation for a client. These operations can be only noticeable
on server which serves a lot of simultaneous clients.

> As to default value, builtin session cache was by default initially but it turned out that
> it leads to memory fragmentation. So the default value has been changed to “off” and
> later to “none”.
> Of course shared cache is certainly better as default value but there is no good understanding
> what default cache size should be used. And now it becomes less important with ticket introduction.
> Total agreement there: I was not pushing for a default activating a cache, but rather for the clean 'off' setting.​
> ---
> B. R.

Igor Sysoev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list