Welcome! Log In Create A New Profile

Advanced

Re: proper setup for forward secrecy

Maxim Dounin
September 19, 2012 09:50AM
Hello!

On Tue, Sep 18, 2012 at 04:34:30AM -0400, eiji-gravion wrote:

> Still curious about this, it would be nice to have a way to rotate these
> keys without having to restart the server.

Looking though OpenSSL code suggests keys are generated on SSL_CTX
creation (at least as of OpenSSL 1.0.1c, see SSL_CTX_new() in
ssl/ssl_lib.c), that is, they are rotated by nginx configuration
reload.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

proper setup for forward secrecy

eiji-gravion August 09, 2012 02:37PM

Re: proper setup for forward secrecy

Maxim Dounin August 10, 2012 05:08AM

Re: proper setup for forward secrecy

eiji-gravion August 10, 2012 05:42AM

Re: proper setup for forward secrecy

eiji-gravion September 18, 2012 04:34AM

Re: proper setup for forward secrecy

Maxim Dounin September 19, 2012 09:50AM

Re: proper setup for forward secrecy

eiji-gravion September 21, 2012 05:22PM

Re: proper setup for forward secrecy

Maxim Dounin September 24, 2012 10:42AM

Re: proper setup for forward secrecy

mastercan March 25, 2015 05:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 177
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready