Hello!

On Mon, Sep 16, 2013 at 12:51:38AM +0400, kyprizel wrote:

> SSL session tickets are not good enough b/c they don't support modern
> cipher modes (like GCM) and they don't work with PFS.

This was already replied by Piotr. Session tickets are just a way
to store SSL session on the client, hence I see no problems with
any ciphers. Forward secrecy might be a problem if you use
long-term session tickets keys, but it's more about session
tickets keys rotation.

> Is it generally possible to implement session lookup in non-blocking way in
> this case?
> If yes - is there any good example of OpenSSL's non-blocking callbacks?

It should be possible, but it will likely require non-trivial
changes in OpenSSL. And I don't know any good examples.

> P.S. As an alternative (and I don't like this idea) - we can distribute
> sessions to nginx cache via custom-written module, something like it's done
> in stud.

This should be doable, and probably it's the simplest solution if
you want to stick with server-side sessions store.

-- 
Maxim Dounin
http://nginx.org/en/donation.html
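
The ticket key rotation mentioned in the reply, sketched as an added example (not part of the original message, and not nginx or OpenSSL code). The class name `TicketKeyRing` and its `keep` parameter are hypothetical, the ticket layout is modelled on the structure recommended in RFC 5077, and the HMAC-based keystream is a stand-in for a real cipher:

```python
import hashlib, hmac, secrets

class TicketKeyRing:
    """Rotating session ticket keys: the newest key seals, older keys only open."""

    def __init__(self, keep=2):
        self.keep = keep   # keys retained, including the sealing key (assumed policy)
        self.keys = []     # newest first: (key_name, enc_key, mac_key)
        self.rotate()

    def rotate(self):
        # A fresh random key becomes the sealing key; keys beyond `keep` are
        # destroyed, so tickets sealed under them can never be decrypted again.
        new = (secrets.token_bytes(16), secrets.token_bytes(32), secrets.token_bytes(32))
        self.keys = [new] + self.keys[: self.keep - 1]

    @staticmethod
    def _stream(enc_key, iv, n):
        # Stand-in keystream (HMAC-SHA256 in counter mode), not a TLS cipher.
        out, ctr = b"", 0
        while len(out) < n:
            out += hmac.new(enc_key, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
            ctr += 1
        return out[:n]

    def seal(self, state: bytes) -> bytes:
        # Ticket = key_name(16) || iv(16) || encrypted state || mac(32)
        name, enc_key, mac_key = self.keys[0]
        iv = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(state, self._stream(enc_key, iv, len(state))))
        body = name + iv + ct
        return body + hmac.new(mac_key, body, hashlib.sha256).digest()

    def open(self, ticket: bytes):
        # Returns the session state, or None (server falls back to a full handshake).
        if len(ticket) < 64:
            return None
        body, tag = ticket[:-32], ticket[-32:]
        name, iv, ct = body[:16], body[16:32], body[32:]
        for key_name, enc_key, mac_key in self.keys:
            if hmac.compare_digest(key_name, name):
                expected = hmac.new(mac_key, body, hashlib.sha256).digest()
                if not hmac.compare_digest(tag, expected):
                    return None
                return bytes(a ^ b for a, b in zip(ct, self._stream(enc_key, iv, len(ct))))
        return None  # key already rotated out
```

The time between a key's creation and its removal from the ring bounds how long a stolen ticket key can decrypt recorded sessions; a long-term key makes that window unbounded.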
