Welcome! Log In Create A New Profile

Re: proper setup for forward secrecy

Forum List Message List New Topic Print View

Maxim Dounin

September 19, 2012 09:50AM

Hello!

On Tue, Sep 18, 2012 at 04:34:30AM -0400, eiji-gravion wrote:

> Still curious about this, it would be nice to have a way to rotate these
> keys without having to restart the server.

Looking though OpenSSL code suggests keys are generated on SSL_CTX
creation (at least as of OpenSSL 1.0.1c, see SSL_CTX_new() in
ssl/ssl_lib.c), that is, they are rotated by nginx configuration
reload.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
proper setup for forward secrecy	eiji-gravion	August 09, 2012 02:37PM
Re: proper setup for forward secrecy	Maxim Dounin	August 10, 2012 05:08AM
Re: proper setup for forward secrecy	eiji-gravion	August 10, 2012 05:42AM
Re: proper setup for forward secrecy	eiji-gravion	September 18, 2012 04:34AM
Re: proper setup for forward secrecy	Maxim Dounin	September 19, 2012 09:50AM
Re: proper setup for forward secrecy	eiji-gravion	September 21, 2012 05:22PM
Re: proper setup for forward secrecy	Maxim Dounin	September 24, 2012 10:42AM
Re: proper setup for forward secrecy	mastercan	March 25, 2015 05:26PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 292

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018