How to resume TLS sessions with SSL session ticket on a different server?

Posted by Michael Steffens 
When using SSL session tickets for TLS session persistence, no session state is supposed to be maintained by a server.

In a configuration with multiple Nginx reverse proxies behind a load balancer, which is distributing requests round robin, any server should be able to resume a TLS session with an abbreviated TLS handshake, provided all servers are using the same ssl_session_ticket_key. Is this correct?

Unfortunately it doesn't work as expected for me. As long as subsequent requests are directed to the same Nginx, sessions are resumed by an abbreviated handshake.

Once the frontend load balancer switches to a different Nginx, I can observe a full handshake. What do I need to configure to enable the session transition described above? Relevant options currently configured on server level:

proxy_ssl_session_reuse on;
ssl_protocols TLSv1.2;
ssl_dhparam ....pem;
ssl_session_cache shared:SSL:64m;
ssl_session_ticket_key ....key;

ssl_dhparam and ssl_session_ticket_key are pointing to identical files on all Nginx nodes.

Nginx version 1.10.3



Edited 1 time(s). Last edit at 07/27/2017 11:50AM by Michael Steffens.
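
One way to check the premise in the post above, that every node really loads the same ticket key, written here as an added example and not taken from the post or from nginx. The node names, file paths and sample ticket are constructed; the accepted key sizes (48 bytes, or 80 bytes from nginx 1.11.8) come from the nginx documentation, and the 16-byte key name prefix follows the ticket layout recommended in RFC 5077.

```python
import hashlib
import os
import tempfile

# Sizes nginx accepts for an ssl_session_ticket_key file:
# 48 bytes (AES-128) or 80 bytes (AES-256, nginx 1.11.8 and later).
VALID_SIZES = {48: "AES-128", 80: "AES-256"}

def inspect_key(path):
    """Summarise one ticket key file without printing the secret itself."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "size": len(data),
        "cipher": VALID_SIZES.get(len(data)),  # None: nginx rejects this size
        "key_name": data[:16],                 # first 16 bytes identify the key
        "digest": hashlib.sha256(data).hexdigest(),
    }

def compare_nodes(key_files):
    """key_files maps a node name to a local copy of that node's key file."""
    reports = {node: inspect_key(path) for node, path in key_files.items()}
    problems = [f"{node}: invalid size {r['size']}"
                for node, r in reports.items() if r["cipher"] is None]
    if len({r["digest"] for r in reports.values()}) > 1:
        problems.append("key files differ between nodes")
    return reports, problems

def issuing_nodes(ticket, reports):
    """Nodes whose key name matches the 16-byte key_name prefix of a ticket."""
    return sorted(n for n, r in reports.items() if r["key_name"] == ticket[:16])

def demo():
    """Constructed sample: nginx-a and nginx-b share a key, nginx-c does not."""
    tmp = tempfile.mkdtemp()
    shared, other = os.urandom(48), os.urandom(48)
    files = {}
    for node, key in (("nginx-a", shared), ("nginx-b", shared), ("nginx-c", other)):
        files[node] = os.path.join(tmp, node + ".key")
        with open(files[node], "wb") as fh:
            fh.write(key)
    reports, problems = compare_nodes(files)
    ticket = shared[:16] + os.urandom(64)  # constructed ticket: key_name + opaque rest
    return problems, issuing_nodes(ticket, reports)

if __name__ == "__main__":
    print(demo())
```

A ticket whose key name matches no node's key file cannot be decrypted by that node, which forces the full handshake described in the post.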