Thanks, Maxim. You were right: I did my tests improperly...
What is the use of the 'none' value then? Should not there be only the 'off' one? There must be some benefit to it, but I fail to catch it. --- *B. R.* On Thu, Mar 3, 2016 at 2:29 PM, Maxim Dounin <[email protected]> wrote: > Hello! > > On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote: > > > Based on the default value of ssl_session_cache > > < > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache>, > > nginx does not store any session parameter, but allows client with the > > right Master Key to reuse their ID (and the parameters they got). > > > > Since nginx, does not cache anything and is thus unable to revalidate > > anything but the Master Key, isn't it a violation of the RFC not to > > validate all the parameters? > > You are misunderstanding what "ssl_session_cache none" does. It > doesn't allow anything to be reused, just says so to clients. > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
