António P. P. Almeida
November 21, 2010 10:48PM
On 22 Nov 2010 03h02 WET, mdounin@mdounin.ru wrote:

Hello Maxim,

Thank you for your reply.


> Session establishment/resumption happens before SNI handling.
> Therefore configuring session cache within SNI-only server{} won't
> work, you have to configure one in default server for the socket
> in question.

So the session resumption is done using a mapping that relates IPs
with session IDs. Completely oblivious to anything related with
server_name.

> This is how it's done in OpenSSL, and it seems to be what is actually
> required by RFC4366 (http://tools.ietf.org/html/rfc4366#section-3):
>
> - If, on the other hand, the older session is resumed, then the
> server MUST ignore the extensions and send a server hello
> containing none of the extension types. In this case, the
> functionality of these extensions negotiated during the original
> session initiation is applied to the resumed session.

I tried this:

listen [::]:443 ssl default_server; # ipv6

while leaving the '_' server_name for the HTTP default server. But
gnutls-bin gives the same results. No session resumption support. It
requires a regular default_server, i.e.,

listen [::]:80 default_server; # ipv6

And the session cache configured in the correct server. This means
that I must ditch the "illegal" Host header server block so it seems
in order to get SSL session resumption to work :(

--- appa


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
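
Added example, not part of the original message or of the nginx project: a configuration fragment showing the placement described in the quoted reply, with the session cache in the default server for the [::]:443 socket rather than only in an SNI-selected server{}. Host names, certificate paths, and the zone name and sizes are placeholders chosen for illustration.

```nginx
# Constructed example: names, paths and sizes are placeholders.

server {
    # Default server for the [::]:443 socket. Per the quoted reply, session
    # establishment/resumption is handled before SNI selects another
    # server{}, so the cache has to be configured here.
    listen [::]:443 ssl default_server;
    server_name _;

    ssl_certificate     /etc/nginx/ssl/default.example.crt;
    ssl_certificate_key /etc/nginx/ssl/default.example.key;

    ssl_session_cache   shared:SSL:10m;   # corrected placement
    ssl_session_timeout 10m;
}

server {
    # Name-based (SNI) virtual host on the same socket.
    listen [::]:443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/ssl/www.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/www.example.com.key;

    # Weak placement: a cache declared only in this block is not the one
    # consulted when a client offers a session ID, so resumption tests
    # report no support.
    # ssl_session_cache shared:SSL:10m;
}
```

Declaring `ssl_session_cache` once at the `http{}` level also covers the default server, because the directive is inherited by every `server{}`. To check the result, `openssl s_client -connect www.example.com:443 -reconnect` reports `Reused` on the reconnects when resumption works.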