[ https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839466#comment-13839466 ]
James Peach commented on TS-1146:
---------------------------------

OK, I looked more at what http does with session tickets. I agree that it makes sense to keep the session ticket key in a separate file.

I don't think that the {{sess_ticket_enabled}} parameter is necessary. The presence or absence of a ticket key should be enough to determine whether to use session tickets. I thought about whether we should always enable session tickets with random data and decided against it since the behavior you have here matches httpd.

I think that {{ticket_key_name}} might be a better name for the parameter than {{sess_key_filename}} since it is slightly more consistent with the existing parameter names.

I see that you attach the ticket key to the SSL context, but I'm not clear on how this data is released. Can you point that out to me?

Finally, if you could make a start at documenting this in {{doc/reference/configuration/ssl_multicert.config.en.rst}}, that would be very helpful. I'd be happy to help polish any text you can contribute.

> RFC 5077 TLS Session tickets
> ----------------------------
>
>                 Key: TS-1146
>                 URL: https://issues.apache.org/jira/browse/TS-1146
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: James Peach
>            Assignee: James Peach
>              Labels: A
>             Fix For: 5.0.0
>
>         Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, session_ticket.patch
>
>
> For supporting RFC 5077 TLS Session tickets across an ATS cluster, all the machines need to have the same server ticket.
> See https://github.com/apache/httpd rev 967d943b93498233f0ec81a5b48706fdb6892dfd

--
This message was sent by Atlassian JIRA (v6.1#6144)