[PATCH 01 of 11] SSL: disabled saving tickets to session cache

Maxim Dounin
August 25, 2022 11:14PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1661481945 -10800
# Fri Aug 26 05:45:45 2022 +0300
# Node ID 2cd8fbeb4edc5a99b725585edc02a16a8a0c503e
# Parent 069a4813e8d6d7ec662d282a10f5f7062ebd817f
SSL: disabled saving tickets to session cache.

OpenSSL for TLSv1.3 tries to save tickets into session cache "because some
applications just want to know about the creation of a session". To avoid
trashing session cache with useless data, we do not save such sessions now.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3815,6 +3815,22 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_
ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];

+#ifdef TLS1_3_VERSION
+
+ /*
+ * OpenSSL for TLSv1.3 tries to save tickets into session cache
+ * "because some applications just want to know about the creation
+ * of a session"; do not cache such sessions
+ */
+
+ if (SSL_version(ssl_conn) == TLS1_3_VERSION
+ && (SSL_get_options(ssl_conn) & SSL_OP_NO_TICKET) == 0)
+ {
+ return 0;
+ }
+
+#endif
+
len = i2d_SSL_SESSION(sess, NULL);

/* do not cache too big session */
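
Review bot: the comment above the new `SSL_version()` check says which sessions are skipped, but not why testing `SSL_OP_NO_TICKET` is the right way to identify them, and the early `return 0` depends entirely on that test. Suggest extending the comment to say that with tickets enabled the TLSv1.3 session state travels in the ticket itself, so a cache entry would never be looked up, whereas with `SSL_OP_NO_TICKET` set OpenSSL issues stateful tickets that still need the cache and must continue on to `i2d_SSL_SESSION()`. A short remark that returning 0 from this callback tells OpenSSL the session was not retained would also make it clear that no reference is leaked on this path.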
