Hi,


> Just to be perfectly clear: does that mean that session tickets are 
> supported for any version of nginx (including <v1.5.9), provided 
> OpenSSL 0.9.8f is available?

Yes.



> So the directive would be kind of 'intercepting' TLS commands, a man in 
> the middle of client and OpenSSL?

No, the feature [1] sets SSL_OP_NO_TICKET [2], which instructs OpenSSL
to NOT use TLS tickets. By default, OpenSSL uses tickets.



> The only information for ssl_session_timout is “Specifies a time during
> which a client may reuse the session parameters stored in a cache.”
> It does not say anything about purging the TLS/SSL Cache which is my
> concern here.

I don't think the sessions are purged, its probably an LRU.



Lukas


[1] http://hg.nginx.org/nginx/rev/d049b0ea00a3
[2] https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx