Welcome! Log In Create A New Profile

Advanced

SSL session resumption. SSL Labs test.

António P. P. Almeida
November 21, 2010 05:56PM
I've run a test through the tool available here:

https://www.ssllabs.com/ssldb/index.html

And I get a result stating:

Session resumption No (IDs assigned but not accepted)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

I also run gnutls-cli and get:

Checking for Safe renegotiation support... yes
Checking for Safe renegotiation support (SCSV)... yes
Checking for TLS 1.2 support... no
Checking for TLS 1.1 support... no
Checking fallback from TLS 1.1 to... TLS 1.0
Checking for TLS 1.0 support... yes
Checking for SSL 3.0 support... yes
Checking for HTTPS server name... not checked
Checking for version rollback bug in RSA PMS... no
Checking for version rollback bug in Client Hello... no
Checking whether we need to disable TLS 1.0... N/A
Checking whether the server ignores the RSA PMS version... no
Checking whether the server can accept Hello Extensions... yes
Checking whether the server can accept cipher suites not in SSL 3.0 spec... yes
Checking whether the server can accept a bogus TLS record version in the client hello... no
Checking for certificate information... N/A
Checking for trusted CAs... N/A
Checking whether the server understands TLS closure alerts... partially
Checking whether the server supports session resumption... no
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

It's strange, since I have the shared cache enabled:

## Use a SSL/TLS cache for SSL session resume.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

Isn't this enough? Can someone more knowledgeable than I in SSL/TLS
stuff and Nginx shed some light on this issue? Should I ignore this
result?

Thank you,
--- appa



_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

SSL session resumption. SSL Labs test.

António P. P. Almeida November 21, 2010 05:56PM

Re: SSL session resumption. SSL Labs test.

Luit van Drongelen November 21, 2010 05:58PM

Re: SSL session resumption. SSL Labs test.

António P. P. Almeida November 21, 2010 08:00PM

Re: SSL session resumption. SSL Labs test.

António P. P. Almeida November 21, 2010 08:18PM

Re: SSL session resumption. SSL Labs test.

António P. P. Almeida November 21, 2010 08:36PM

Re: SSL session resumption. SSL Labs test.

Maxim Dounin November 21, 2010 10:08PM

Re: SSL session resumption. SSL Labs test.

António P. P. Almeida November 21, 2010 10:48PM

Re: SSL session resumption. SSL Labs test.

Maxim Dounin November 22, 2010 10:30AM

Re: SSL session resumption. SSL Labs test.

António P. P. Almeida November 22, 2010 11:46AM

Re: SSL session resumption. SSL Labs test.

António P. P. Almeida November 22, 2010 10:06AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 269
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready