Welcome! Log In Create A New Profile

Advanced

Re: Distributed SSL session cache

Previous Message Next Message
Forum List Message List New Topic Print View
kyprizel
September 16, 2013 03:16AM
SSL session tickets are not good enough b/c they don't support modern
cipher modes (like GCM) and they don't work with PFS.

Is it generally possible to implement session lookup in non-blocking way in
this case?
If yes - is there any good example of OpenSSL's non-blocking callbacks?

P.S. As an alternative (and I don't like this idea) - we can distribute
sessions to nginx cache via custom-written module, something like it's done
in stud.




On Sat, Sep 14, 2013 at 11:06 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Hello!
>
> On Sat, Sep 14, 2013 at 02:49:49PM +0400, kyprizel wrote:
>
> > Hi,
> > I'm thinking on design of patch for adding distributed SSL session cache
> > and have a question -
> > is it possible and ok to create keepalive upstream to some storage
> > (memcached/redis/etc), then use it from
> > ngx_ssl_new_session/ngx_ssl_get_cached_session ?
>
> As far as I remember, OpenSSL doesn't provide a non-blocking
> interface to session lookup (I've just did a quick look though
> code, and it seems I remeber it right). This basically ruins the
> the idea unless you are brave enough to implement needed
> interfaces in OpenSSL.
>
> I would rather focus on a support for SSL session tickets shared
> between multiple servers.
>
> --
> Maxim Dounin
> http://nginx.org/en/donation.html
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

Distributed SSL session cache

kyprizel 2228 September 14, 2013 06:54AM

Re: Distributed SSL session cache

kyprizel 1315 September 16, 2013 03:16AM

Re: Distributed SSL session cache

Piotr Sikora 1168 September 16, 2013 04:32AM

Re: Distributed SSL session cache

kyprizel 952 September 16, 2013 05:04AM

Re: Distributed SSL session cache

Piotr Sikora 891 September 16, 2013 05:14AM

Re: Distributed SSL session cache

Maxim Dounin 903 September 16, 2013 07:56AM

Re: Distributed SSL session cache

Maxim Dounin 805 September 16, 2013 03:16AM

Re: Distributed SSL session cache

nginxorg 1225 September 16, 2013 03:16AM

Re: Distributed SSL session cache

Maxim Dounin 804 September 16, 2013 03:16AM

Re: Distributed SSL session cache

Daniel Black 813 September 16, 2013 09:00AM

Re: Distributed SSL session cache

Daniel Black 768 September 16, 2013 09:22AM

Re: Distributed SSL session cache

Maxim Dounin 1216 September 16, 2013 09:38AM

Re: Distributed SSL session cache

kyprizel 883 September 27, 2013 11:54PM

Re: Distributed SSL session cache

Piotr Sikora 857 September 28, 2013 06:06AM

Re: Distributed SSL session cache

kyprizel 812 September 28, 2013 01:54PM

Re: Distributed SSL session cache

Piotr Sikora 828 September 28, 2013 02:16PM

Re: Distributed SSL session cache

kyprizel 820 September 28, 2013 02:38PM

Re: Distributed SSL session cache

Maxim Dounin 778 September 30, 2013 10:52AM

Re: Distributed SSL session cache

kyprizel 841 September 30, 2013 11:16AM

Re: Distributed SSL session cache

Maxim Dounin 808 September 30, 2013 11:32AM

Re: Distributed SSL session cache

kyprizel 862 September 30, 2013 12:16PM

Re: Distributed SSL session cache

Maxim Dounin 794 September 30, 2013 02:02PM

Re: Distributed SSL session cache

kyprizel 878 October 01, 2013 09:38AM

Re: Distributed SSL session cache

Maxim Dounin 911 October 02, 2013 06:40AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 226
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready