TLS session resumption (identifier)

Igor Sysoev igor at sysoev.ru
Fri Mar 4 10:38:53 UTC 2016


On 04 Mar 2016, at 13:30, B.R. <reallfqq-nginx at yahoo.fr> wrote:

> On Fri, Mar 4, 2016 at 11:19 AM, Igor Sysoev <igor at sysoev.ru> wrote:
> Sorry, I meant there is no performance difference between “none” and “off” settings.
> 
> ​Well, the client believes he should remember every session ID and store it somewhere for nothing, reading/resending/writing it on every connection.
> Small enough network traffic difference, though (the extra, useless ID in the ClientHello message could be considered harmless, even though those extra bytes appear on each TLS session establishment).

I believe this is negligible degradation for a client. These operations can be only noticeable
on server which serves a lot of simultaneous clients.

> As to default value, builtin session cache was by default initially but it turned out that
> it leads to memory fragmentation. So the default value has been changed to “off” and
> later to “none”.
> 
> Of course shared cache is certainly better as default value but there is no good understanding
> what default cache size should be used. And now it becomes less important with ticket introduction.
> 
> Total agreement there: I was not pushing for a default activating a cache, but rather for the clean 'off' setting.​
> ---
> B. R.



-- 
Igor Sysoev
http://nginx.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160304/cac5d852/attachment.html>


More information about the nginx mailing list