Disable TLS Session Tickets when using server side session caching

commit d2e1d86a2f4ea65e2876ff8901f365862f3534e7 1 parent 72fe845
@tmm1 tmm1 authored committed
Showing with 7 additions and 1 deletion.
  1. +7 −1 src/event/ngx_event_openssl.c
8 src/event/ngx_event_openssl.c
@@ -1492,11 +1492,17 @@ ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
ngx_log_error_core(NGX_LOG_NOTICE, ssl->log, 0,
"Using an external SSL session cache");
-
+
SSL_CTX_sess_set_new_cb(ssl->ctx, ngx_ssl_new_session);
SSL_CTX_sess_set_get_cb(ssl->ctx, ngx_ssl_get_cached_session);
SSL_CTX_sess_set_remove_cb(ssl->ctx, ngx_ssl_remove_session);
+ /* TLS Session Tickets use a random encryption key which is different
+ * per server. Clients will attempt to use this instead of server-side
+ * sessions, defeating the purpose of caching sessions in the first place.
+ */
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TICKET);
+
if (SSL_CTX_set_ex_data(ssl->ctx, ngx_ssl_session_cache_index, sc_cfg)
== 0)
{
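
Review bot: The added SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_TICKET) call, placed after the three SSL_CTX_sess_set_*_cb registrations, has no #ifdef SSL_OP_NO_TICKET guard, so this file will fail to compile against an OpenSSL build that does not define that option; wrap the call and its comment in the guard. The call is also unconditional on the external-cache path: the comment's reason (a random ticket key that differs per server) holds only while each server generates its own key, so a configuration switch would be safer than always disabling tickets here. Separately, the -/+ pair on the blank line above SSL_CTX_sess_set_new_cb is a whitespace-only change and should be dropped from the patch.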
