Hello! On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote:
> Based on the default value of ssl_session_cache > <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache>, > nginx does not store any session parameter, but allows client with the > right Master Key to reuse their ID (and the parameters they got). > > Since nginx, does not cache anything and is thus unable to revalidate > anything but the Master Key, isn't it a violation of the RFC not to > validate all the parameters? You are misunderstanding what "ssl_session_cache none" does. It doesn't allow anything to be reused, just says so to clients. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
