Set ssl_session_tickets each virtual host is unable?
malloc813
nginx-forum at forum.nginx.org
Fri Jan 13 00:30:23 UTC 2017
Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
>
> On Thu, Jan 12, 2017 at 11:57:58AM -0500, malloc813 wrote:
>
> > Hi, I tested nginx configuration and got one problem.
> > For example, I made 2 virtual hosts. They are SSL enabled server.
> >
> > http
> > {
> > #host1
> > server
> > {
> > ...
> > ssl_sesstion_tickets off;
> > ...
> > }
> >
> > #host2
> > {
> > ...
> > ssl_session_tickets on;
> > ...
> > }
> >
> > }
> >
> > Visit host1 after apply this configuration, chrome shows an error
> > ERR_SSL_PROTOCOL_ERROR
>
> Works fine here. The ERR_SSL_PROTOCOL_ERROR is likely caused by
> other problems in the configuration. First of all try "nginx -t"
> to see if there are obvious errors in your config.
>
I saw similar case like this:
https://community.letsencrypt.org/t/errors-from-browsers-with-ssl-session-tickets-off-nginx/18124
I will test this problem with other system.
> > Is it impossible to set ssl_session_tickets differently each
> virtual host?
>
> No.
>
> Session resumption happens in the context of the default server,
> and it is not possible to have different session cache / session
> tickets settings in virtual hosts. In the above configuration
> session tickets will be off for both servers (assuming they are
> listening on the same ip/port and the first one is the default).
>
That means, if I set ssl_session_cache and ssl_session_timeout both of
default server and virtual host, nginx dismiss virtual host's configuration
and use default server's configuration too?
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271971,271976#msg-271976
More information about the nginx
mailing list