Quoting Jonas Smedegaard (2019-02-26 05:06:17)
> I experienced on multiple hosts that upgrading to the new
> libapache2-mod-gnutls went fine (I guess it simply reloaded apache2),
> but that a later server restart would fail.
> 
> Running "a2enmod socache_dbm" made apache2 work again.
> 
> Debian-shipped config enables GnuTLSCache, using dbm.
> Release 0.9.0 has GnuTLSSessionTickets enabled by default,
> which seems to make GnuTLSCache unneeded for most common use cases
> (exceptions being non-SNI needs and a pool of coordinated servers).
> 
> Seems most sensible to remove or comment out the GnuTLSCache and
> GnuTLSCacheTimeout lines.

Ahh, cache and tickets are not mutually exclusive.

Then maybe a better default setup is to keep cache enabled
but change it to use shmcb as that is already used for 
GnuTLSOCSPStapling which is enabled by default.

So something like this:

  GnuTLSCache shmcb:cache/gnutls_cache(65536)

(or maybe a full path? What is the root of above relative path?)

Also, to ensure that the shmcb module is loaded (was on my systems but not
sure if that is always the case), add this as the topmost line to
debian/gnutls.load:

  # Depends: socache_shmcb


If there is reason to stay with the current dbm by default,
I recommend considering instead adding this to debian/gnutls.load:

  # Depends: socache_dbm


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
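
Added example, not part of the original mail or of the package: a small check that the socache provider named by an active GnuTLSCache line is also listed in a "# Depends:" comment of the module's .load file, which is the mismatch that made the restart fail. The provider-to-module mapping, the legacy "dbm PATH" form and all sample paths are assumptions constructed for illustration.

```python
import re

# Assumption: the provider named first in GnuTLSCache is served by the Apache
# module "socache_<provider>", and the legacy name "gdbm" means the dbm provider.
ALIASES = {"gdbm": "dbm"}
CACHE_RE = re.compile(r"^[ \t]*GnuTLSCache[ \t]+([A-Za-z0-9_]+)", re.I | re.M)
DEPENDS_RE = re.compile(r"^[ \t]*#[ \t]*Depends:[ \t]*(.*)$", re.M)


def required_socache_modules(conf_text):
    """Modules implied by every active (uncommented) GnuTLSCache line."""
    modules = set()
    for match in CACHE_RE.finditer(conf_text):
        provider = match.group(1).lower()
        if provider != "none":  # "none" disables the cache
            modules.add("socache_" + ALIASES.get(provider, provider))
    return modules


def declared_depends(load_text):
    """Module names listed in '# Depends:' comments of a .load file."""
    names = set()
    for match in DEPENDS_RE.finditer(load_text):
        names.update(match.group(1).replace(",", " ").split())
    return names


def missing_depends(conf_text, load_text):
    """Socache modules the config needs but the .load file does not declare."""
    return required_socache_modules(conf_text) - declared_depends(load_text)


# Constructed samples (paths are placeholders, not the package's files).
CONF_DBM = "GnuTLSCache dbm /path/to/gnutls_cache\nGnuTLSCacheTimeout 300\n"
CONF_SHMCB = ("# GnuTLSCache dbm /path/to/gnutls_cache\n"
              "GnuTLSCache shmcb:cache/gnutls_cache(65536)\n")
LOAD_PLAIN = "LoadModule gnutls_module /path/to/mod_gnutls.so\n"
LOAD_FIXED = "# Depends: socache_shmcb\n" + LOAD_PLAIN

if __name__ == "__main__":
    for conf, load in ((CONF_DBM, LOAD_PLAIN), (CONF_SHMCB, LOAD_FIXED)):
        print(sorted(missing_depends(conf, load)) or "ok")
```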
