Welcome! Log In Create A New Profile

Advanced

Re: Does nginx support SSL resumption?

May 30, 2009 02:29PM
On Sat, May 30, 2009 at 10:27:06AM -0700, Michael Shadle wrote:

> 2009/5/30 Igor Sysoev <is@rambler-co.ru>:
>
> > Yes. However, built-in OpenSSL session cache leads to memory fragmentation,
> > see http://marc.info/?t=120127289900027
>
> Is this an OpenSSL bug? I think there's an OpenSSL bug I am hitting as
> well with Firefox 3.x (even using the ssl_protocols workaround) - if
> this is a bug in OpenSSL I'd like to go yell at them for both... :)

I believe this is joint effect of some libc malloc() and OpenSSL.

> > Also I do think that shared SSL session cache should be enabled by default.
>
> I agree.
>
> > BTW, http://wiki.nginx.org/NginxHttpSslModule is outdated:
> > ssl_session_cache has yet two paramters "off" and "none" (default one):
> >
> > "off" is hard off: nginx says explicitly to a client that sessions can not
> > reused.
> >
> > "none" is soft off: nginx says to a client that session can be resued, but
> > nginx actually never reuses them. This is workaround for some mail clients
> > as ssl_session_cache may be used in mail proxy as well as in HTTP server.
>
> I've updated the wiki with this information.
> http://wiki.nginx.org/NginxHttpSslModule#ssl_session_cache
>
> Does it still accept two parameters as shown int he example on the
> wiki? I want to make sure that is still legitimate. I assume that
> means it will use the first cache and fall back to the second if it is
> full or something?

Yes, you still may set both builtin and shared cache simultaneously,
but shared one only is preferable.

> Please verify my changes are correct. I don't want to be putting up
> incorrect information :)

Thank you, this is correct.


--
Igor Sysoev
http://sysoev.ru/en/
Subject Author Posted

Does nginx support SSL resumption?

mike May 29, 2009 07:09PM

Re: Does nginx support SSL resumption?

Igor Sysoev May 30, 2009 02:51AM

Re: Does nginx support SSL resumption?

mike May 30, 2009 03:04AM

Re: Does nginx support SSL resumption?

Igor Sysoev May 30, 2009 03:33AM

Re: Does nginx support SSL resumption?

mike May 30, 2009 01:27PM

Re: Does nginx support SSL resumption?

Igor Sysoev May 30, 2009 02:29PM

Re: Does nginx support SSL resumption?

mike May 30, 2009 04:16PM

Re: Does nginx support SSL resumption?

Igor Sysoev June 03, 2009 04:29AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 143
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready