Welcome! Log In Create A New Profile

Re: TLS session resumption (identifier)

Forum List Message List New Topic Print View

Maxim Dounin

March 03, 2016 08:30AM

Hello!

On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote:

> Based on the default value of ssl_session_cache
> <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache>,
> nginx does not store any session parameter, but allows client with the
> right Master Key to reuse their ID (and the parameters they got).
>
> Since nginx, does not cache anything and is thus unable to revalidate
> anything but the Master Key, isn't it a violation of the RFC not to
> validate all the parameters?

You are misunderstanding what "ssl_session_cache none" does. It
doesn't allow anything to be reused, just says so to clients.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
TLS session resumption (identifier)	B.R.	March 03, 2016 06:52AM
Re: TLS session resumption (identifier)	Maxim Dounin	March 03, 2016 08:30AM
Re: TLS session resumption (identifier)	B.R.	March 03, 2016 10:44AM
Re: TLS session resumption (identifier)	Igor Sysoev	March 03, 2016 10:50AM
Re: TLS session resumption (identifier)	B.R.	March 04, 2016 04:22AM
Re: TLS session resumption (identifier)	Igor Sysoev	March 04, 2016 04:42AM
Re: TLS session resumption (identifier)	B.R.	March 04, 2016 04:58AM
Re: TLS session resumption (identifier)	Igor Sysoev	March 04, 2016 05:20AM
Re: TLS session resumption (identifier)	B.R.	March 04, 2016 05:32AM
Re: TLS session resumption (identifier)	Igor Sysoev	March 04, 2016 05:40AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 275

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018