Re: Distributed SSL session cache

Maxim Dounin
September 16, 2013 07:56AM
Hello!

On Mon, Sep 16, 2013 at 12:51:38AM +0400, kyprizel wrote:

> SSL session tickets are not good enough b/c they don't support modern
> cipher modes (like GCM) and they don't work with PFS.

This was already replied to by Piotr. Session tickets are just a way
to store an SSL session on the client, hence I see no problems with
any ciphers. Forward secrecy might be a problem if you use
long-term session ticket keys, but it's more about session
ticket key rotation.

> Is it generally possible to implement session lookup in non-blocking way in
> this case?
> If yes - is there any good example of OpenSSL's non-blocking callbacks?

It should be possible, but it will likely require non-trivial
changes in OpenSSL. And I don't know any good examples.

> P.S. As an alternative (and I don't like this idea) - we can distribute
> sessions to nginx cache via custom-written module, something like it's done
> in stud.

This should be doable, and probably it's the simplest solution if you
want to stick with a server-side session store.

--
Maxim Dounin
http://nginx.org/en/donation.html
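
The session ticket key rotation mentioned in the message above, as an added example that is not part of the original message or of nginx's own tooling. The key directory, the file names, the number of keys kept and the 48-byte key size are assumptions; `ssl_session_ticket_key` is nginx's directive for loading ticket key files and is not named in the thread.

```shell
#!/bin/sh
# Added example: rotate TLS session ticket key files shared by nginx servers.
# Assumed layout (hypothetical): <dir>/ticket.key.0 is the newest key,
# ticket.key.1 the one before it, and so on.
#
# Matching nginx configuration (first file encrypts new tickets, the
# following files only decrypt tickets issued before the rotation):
#     ssl_session_ticket_key /etc/nginx/tickets/ticket.key.0;
#     ssl_session_ticket_key /etc/nginx/tickets/ticket.key.1;

rotate_ticket_keys() {
    dir=$1
    keep=${2:-2}            # number of key files kept, current one included
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    [ "$keep" -ge 1 ] || { echo "keep must be >= 1" >&2; return 1; }

    old_umask=$(umask)
    umask 077               # key files must never be group/world readable

    # Generate the new key first, so nothing is shifted if this step fails.
    tmp=$(mktemp "$dir/ticket.key.new.XXXXXX") || { umask "$old_umask"; return 1; }
    head -c 48 /dev/urandom > "$tmp"
    if [ "$(wc -c < "$tmp" | tr -d ' ')" -ne 48 ]; then
        rm -f "$tmp"; umask "$old_umask"
        echo "short read from /dev/urandom" >&2
        return 1
    fi

    # Drop the oldest key: tickets sealed with it can no longer be decrypted,
    # which is what bounds the forward-secrecy exposure window.
    rm -f "$dir/ticket.key.$((keep - 1))"

    # Shift the remaining keys one slot towards "older".
    i=$((keep - 1))
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        [ -f "$dir/ticket.key.$prev" ] && mv "$dir/ticket.key.$prev" "$dir/ticket.key.$i"
        i=$prev
    done

    mv "$tmp" "$dir/ticket.key.0"   # rename inside one directory is atomic
    umask "$old_umask"
}
```

Run on a schedule, the rotated directory has to reach every server in the pool before nginx is reloaded, otherwise tickets issued by one server are rejected by the others and clients fall back to full handshakes.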
