Welcome! Log In Create A New Profile

Re: Distributed SSL session cache

Forum List Message List New Topic Print View

Maxim Dounin

September 30, 2013 11:32AM

Hello!

On Mon, Sep 30, 2013 at 07:14:59PM +0400, kyprizel wrote:

> $ openssl rand -base64 48 | awk '{print "-----BEGIN SESSION TICKET
> KEY-----"; print; print "-----END SESSION TICKET KEY-----"}' >>
> ticket.key.new && cat ticket.key >> ticket.key.new && mv ticket.key.new
> ticket.key
>
> There is no difference b/w binary and PEM form here, but I prefer to see
> config files in printable characters.

I would prefer printable configs as well. But I don't really
think that adding PEM header/footer with awk counts as a trivial
way to do things. It's not something an ordinary admin can do
with at least 50% chance of getting a correct result for the first
time.

And, BTW, your key rotation lacks removing of an old key, which
makes it unusable. Correct implementation will require keeping
each key in it's own file - which essentially makes "single file
per key" aproach more natural.

--
Maxim Dounin
http://nginx.org/en/donation.html

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
Distributed SSL session cache	kyprizel	2229	September 14, 2013 06:54AM
Re: Distributed SSL session cache	kyprizel	1316	September 16, 2013 03:16AM
Re: Distributed SSL session cache	Piotr Sikora	1169	September 16, 2013 04:32AM
Re: Distributed SSL session cache	kyprizel	953	September 16, 2013 05:04AM
Re: Distributed SSL session cache	Piotr Sikora	894	September 16, 2013 05:14AM
Re: Distributed SSL session cache	Maxim Dounin	904	September 16, 2013 07:56AM
Re: Distributed SSL session cache	Maxim Dounin	806	September 16, 2013 03:16AM
Re: Distributed SSL session cache	nginxorg	1226	September 16, 2013 03:16AM
Re: Distributed SSL session cache	Maxim Dounin	805	September 16, 2013 03:16AM
Re: Distributed SSL session cache	Daniel Black	813	September 16, 2013 09:00AM
Re: Distributed SSL session cache	Daniel Black	768	September 16, 2013 09:22AM
Re: Distributed SSL session cache	Maxim Dounin	1217	September 16, 2013 09:38AM
Re: Distributed SSL session cache	kyprizel	886	September 27, 2013 11:54PM
Re: Distributed SSL session cache	Piotr Sikora	857	September 28, 2013 06:06AM
Re: Distributed SSL session cache	kyprizel	813	September 28, 2013 01:54PM
Re: Distributed SSL session cache	Piotr Sikora	829	September 28, 2013 02:16PM
Re: Distributed SSL session cache	kyprizel	822	September 28, 2013 02:38PM
Re: Distributed SSL session cache	Maxim Dounin	778	September 30, 2013 10:52AM
Re: Distributed SSL session cache	kyprizel	842	September 30, 2013 11:16AM
Re: Distributed SSL session cache	Maxim Dounin	809	September 30, 2013 11:32AM
Re: Distributed SSL session cache	kyprizel	863	September 30, 2013 12:16PM
Re: Distributed SSL session cache	Maxim Dounin	795	September 30, 2013 02:02PM
Re: Distributed SSL session cache	kyprizel	879	October 01, 2013 09:38AM
Re: Distributed SSL session cache	Maxim Dounin	913	October 02, 2013 06:40AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 111

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018