I was so wrong!
Here is an update:
1. For clients that do not support "TLS session ticket" extensions, you
*have* to install newSession/resumeSession handlers. The implementation can
be very simple for a single-process setup:
    // In-memory session cache, keyed by the binary session id.
    var tlsSessions = {};

    server.on('newSession', function(id, data) {
      tlsSessions[id.toString('binary')] = data.toString('binary');
    });

    server.on('resumeSession', function(id, cb) {
      var data = null;
      var stored = tlsSessions[id.toString('binary')];
      if (stored) {
        data = new Buffer(stored, 'binary');
      }
      // Passing null as data makes the client fall back to a full handshake.
      cb(null, data);
    });
    // TODO - handle session expiration - 300 seconds by default
You can use strong-cluster-tls-store for clusters as mentioned in the
previous post.
2. For clients that do support "TLS session ticket extensions", you don't
have to do anything special. Unfortunately there are two problems:
- session resumption is broken in cluster - see issue #5871 [1]
- your resumeSession callback is always called, which slows things down -
see issue #5872 [2]
Miroslav
[1] https://github.com/joyent/node/issues/5871
[2] https://github.com/joyent/node/issues/5872
On Wednesday, July 17, 2013 8:09:08 AM UTC+2, Miroslav Bajtoš wrote:
>
> Hi tejasvi83,
>
> As long as your application is a single process (not in a cluster), TLS
> sessions are automatically resumed, you don't need to set up
> newSession/resumeSession handlers.
>
> If you are running a cluster of multiple worker processes, the outcome
> depends on what your client supports:
>
> - If your client supports TLSv1.x with "TLS session ticket" extension,
> then sessions are resumed automatically. The extension is supported by
> openssl since 2007, gnutls since 2009, recent versions of Firefox and
> Chrome support it too, also node v0.10 is fine.
>
> - You need to implement your own TLS session sharing only for clients that
> don't support TLSv1.x (i.e. they are talking SSLv3 or older) or don't
> implement TLS session tickets (e.g. Internet Explorer and other
> applications using Microsoft's SChannel library [1]).
>
> I am actually investigating this topic at the moment and created a module
> implementing TLS session store for node's cluster [2]. I have the first
> working version ready, but I am not happy with the performance, so I
> haven't published it to npm yet. See this node's GH issue [3] for related
> discussion.
>
> Miroslav
>
> [1]
> http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx
> [2] https://github.com/strongloop/strong-cluster-tls-store
> [3] https://github.com/joyent/node/issues/5853
>
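The handlers in the reply above leave session expiration as a TODO and let the store grow without bound. The following is an added example, not part of the original post or of strong-cluster-tls-store, of a single-process cache that expires entries after 300 seconds and caps its size. The names createSessionCache and attachSessionCache, the 10000-entry cap, and the use of Buffer.from and Map (current Node.js rather than v0.10) are assumptions.

```javascript
// Added example: bounded, expiring in-memory TLS session cache (single process).
function createSessionCache(opts) {
  opts = opts || {};
  var ttlMs = opts.ttlMs || 300 * 1000;      // 300 s, the default named in the post
  var maxEntries = opts.maxEntries || 10000; // assumed cap, tune to memory budget
  var now = opts.now || Date.now;            // injectable clock for testing
  var entries = new Map();                   // insertion order == expiry order

  function evictExpired() {
    var t = now();
    for (var [k, e] of entries) {
      if (e.expires > t) break;              // everything after this is newer
      entries.delete(k);
    }
  }

  return {
    set: function (id, data) {
      var k = id.toString('hex');
      evictExpired();
      entries.delete(k);                     // re-insert so ordering stays by age
      while (entries.size >= maxEntries) {
        entries.delete(entries.keys().next().value); // drop the oldest entry
      }
      entries.set(k, { data: Buffer.from(data), expires: now() + ttlMs });
    },
    get: function (id) {
      var k = id.toString('hex');
      var e = entries.get(k);
      if (!e) return null;
      if (e.expires <= now()) {              // never resume a stale session
        entries.delete(k);
        return null;
      }
      return e.data;
    },
    size: function () { return entries.size; }
  };
}

// Wire the cache into a tls.Server (or https.Server).
function attachSessionCache(server, cache) {
  server.on('newSession', function (id, data, cb) {
    cache.set(id, data);
    if (typeof cb === 'function') cb();      // current Node passes a callback here
  });
  server.on('resumeSession', function (id, cb) {
    cb(null, cache.get(id));                 // null => client does a full handshake
  });
}
```

Usage: attachSessionCache(server, createSessionCache()) before the server starts accepting connections.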