httpd-dev mailing list archives

From Kaspar Brand
Subject Re: [PATCH] mod_ssl: improving session caching for SNI configurations
Date Thu, 05 Nov 2009 06:09:17 GMT
Ruediger Pluem wrote:
> I would like to see your comment on Steve's comment regarding the usage of
> SSL_CTX_set_tlsext_ticket_keys.

That workaround does the trick, indeed - I played with it in the
meantime. Coding this in ssl_engine_init.c looks a bit awkward, but we
can limit the fix to OPENSSL_VERSION_NUMBER < 0x009080c0.

If we go for this option, however, then I propose that we also add an
SSLSessionTicketExtension directive, which defaults to "on" but allows
to turn off ticket support if desired (through SSL_OP_NO_TICKET).

Does that sound reasonable? If so, I would prepare a new patch with
SSL_CTX_set_tlsext_ticket_keys and the new config directive.

