Welcome! Log In Create A New Profile

Advanced

Re: Does nginx support SSL resumption?

May 30, 2009 03:33AM
On Sat, May 30, 2009 at 12:04:27AM -0700, Michael Shadle wrote:

> Is there any reason for not enabling this? some sort of possible security risk?

> Seems like it saves a lot of negotiation overhead on each request

Yes. However, built-in OpenSSL session cache leads to memory fragmentation,
see http://marc.info/?t=120127289900027

Also I do think that shared SSL session cache should be enabled by default.

BTW, http://wiki.nginx.org/NginxHttpSslModule is outdated:
ssl_session_cache has yet two paramters "off" and "none" (default one):

"off" is hard off: nginx says explicitly to a client that sessions can not
reused.

"none" is soft off: nginx says to a client that session can be resued, but
nginx actually never reuses them. This is workaround for some mail clients
as ssl_session_cache may be used in mail proxy as well as in HTTP server.

> This is what I mean by "SSL resumption" I think it's what you're
> talking about too.
> http://rdist.root.org/2009/03/10/note-to-wordpress-on-ssl/
>
>
>
> 2009/5/29 Igor Sysoev <is@rambler-co.ru>:
> > On Fri, May 29, 2009 at 04:09:23PM -0700, Michael Shadle wrote:
> >
> >> If so, is it enabled by default? How can I enable it?
> >
> > If you mean SSL session reusing, then
> >
> > ssl_session_cache
Subject Author Posted

Does nginx support SSL resumption?

mike May 29, 2009 07:09PM

Re: Does nginx support SSL resumption?

Igor Sysoev May 30, 2009 02:51AM

Re: Does nginx support SSL resumption?

mike May 30, 2009 03:04AM

Re: Does nginx support SSL resumption?

Igor Sysoev May 30, 2009 03:33AM

Re: Does nginx support SSL resumption?

mike May 30, 2009 01:27PM

Re: Does nginx support SSL resumption?

Igor Sysoev May 30, 2009 02:29PM

Re: Does nginx support SSL resumption?

mike May 30, 2009 04:16PM

Re: Does nginx support SSL resumption?

Igor Sysoev June 03, 2009 04:29AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 247
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready