Welcome! Log In Create A New Profile

Re: Distributed SSL session cache

Forum List Message List New Topic Print View

Maxim Dounin

September 30, 2013 11:32AM

Hello!

On Mon, Sep 30, 2013 at 07:14:59PM +0400, kyprizel wrote:

> $ openssl rand -base64 48 | awk '{print "-----BEGIN SESSION TICKET
> KEY-----"; print; print "-----END SESSION TICKET KEY-----"}' >>
> ticket.key.new && cat ticket.key >> ticket.key.new && mv ticket.key.new
> ticket.key
>
> There is no difference b/w binary and PEM form here, but I prefer to see
> config files in printable characters.

I would prefer printable configs as well. But I don't really
think that adding PEM header/footer with awk counts as a trivial
way to do things. It's not something an ordinary admin can do
with at least 50% chance of getting a correct result for the first
time.

And, BTW, your key rotation lacks removing of an old key, which
makes it unusable. Correct implementation will require keeping
each key in it's own file - which essentially makes "single file
per key" aproach more natural.

--
Maxim Dounin
http://nginx.org/en/donation.html

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
Distributed SSL session cache	kyprizel	2227	September 14, 2013 06:54AM
Re: Distributed SSL session cache	kyprizel	1315	September 16, 2013 03:16AM
Re: Distributed SSL session cache	Piotr Sikora	1167	September 16, 2013 04:32AM
Re: Distributed SSL session cache	kyprizel	951	September 16, 2013 05:04AM
Re: Distributed SSL session cache	Piotr Sikora	890	September 16, 2013 05:14AM
Re: Distributed SSL session cache	Maxim Dounin	902	September 16, 2013 07:56AM
Re: Distributed SSL session cache	Maxim Dounin	804	September 16, 2013 03:16AM
Re: Distributed SSL session cache	nginxorg	1223	September 16, 2013 03:16AM
Re: Distributed SSL session cache	Maxim Dounin	804	September 16, 2013 03:16AM
Re: Distributed SSL session cache	Daniel Black	812	September 16, 2013 09:00AM
Re: Distributed SSL session cache	Daniel Black	767	September 16, 2013 09:22AM
Re: Distributed SSL session cache	Maxim Dounin	1216	September 16, 2013 09:38AM
Re: Distributed SSL session cache	kyprizel	883	September 27, 2013 11:54PM
Re: Distributed SSL session cache	Piotr Sikora	856	September 28, 2013 06:06AM
Re: Distributed SSL session cache	kyprizel	812	September 28, 2013 01:54PM
Re: Distributed SSL session cache	Piotr Sikora	828	September 28, 2013 02:16PM
Re: Distributed SSL session cache	kyprizel	820	September 28, 2013 02:38PM
Re: Distributed SSL session cache	Maxim Dounin	777	September 30, 2013 10:52AM
Re: Distributed SSL session cache	kyprizel	840	September 30, 2013 11:16AM
Re: Distributed SSL session cache	Maxim Dounin	807	September 30, 2013 11:32AM
Re: Distributed SSL session cache	kyprizel	861	September 30, 2013 12:16PM
Re: Distributed SSL session cache	Maxim Dounin	794	September 30, 2013 02:02PM
Re: Distributed SSL session cache	kyprizel	877	October 01, 2013 09:38AM
Re: Distributed SSL session cache	Maxim Dounin	910	October 02, 2013 06:40AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 246

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018