Hi,
@B.R. Not really… The only information for ssl_session_timout is “Specifies a time during which a client may reuse the session parameters stored in a cache.” It does not say anything about purging the TLS/SSL Cache which is my concern here. I have read that invalidating a TLS/SSL Session and purging the TLS/SSL Cache are two separate things. Arnaud From: nginx [mailto:[email protected]] On Behalf Of B.R. Sent: lundi 11 avril 2016 22:15 To: nginx ML <[email protected]> Subject: Re: TLS/SSL Cache Automatic Purge Hello, @Maxim Just to be perfectly clear: does that mean that session tickets are supported for any version of nginx (including <v1.5.9), provided OpenSSL 0.9.8f is available? So the directive would be kind of 'intercepting' TLS commands, a man in the middle of client and OpenSSL? @Arnaud I guess the docs <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_timeout> have all your answers. --- B. R. On Mon, Apr 11, 2016 at 3:31 PM, Maxim Dounin <[email protected] <mailto:[email protected]> > wrote: Hello! On Mon, Apr 11, 2016 at 01:23:02PM +0200, B.R. wrote: [...] > On a side-note, by default nginx does not store session parameters as it > prefers tickets > <http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets>, > supported since v1.5.9, over sessions ID. Session tickets supported as long as OpenSSL version used supports them, that is, with OpenSSL 0.9.8f or later. In nginx 1.5.9 the "ssl_session_tickets" directive was added, which makes it possible to disable session tickets when needed. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] <mailto:[email protected]> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
