httpd-dev mailing list archives

From Kaspar Brand <httpd-dev.2...@velox.ch>
Subject Re: [PATCH] mod_ssl: improving session caching for SNI configurations
Date Sat, 07 Nov 2009 11:06:28 GMT
Kaspar Brand wrote:
> Does that sound reasonable? If so, I would prepare a new patch with
> SSL_CTX_set_tlsext_ticket_keys and the new config directive.

No reactions = no objections?

Would it perhaps be possible to piggyback onto Joe's reneg patch and get
this also into 2.2.15...? ;-)

Attached are updated patches for trunk and 2.2.x which:

- fix TLS session tickets for SNI configurations when OpenSSL versions
between 0.9.8f and 0.9.8l are used

- add a new (global) "SSLSessionTicketExtension" configuration directive
which allows controlling SSL_OP_NO_TICKET (defaulting to "on", i.e.
tickets are left enabled, but can be turned off if necessary)

- include the fix for the SNI callback which makes sure that the correct
session id context is set (to prevent improper session resumption).

Kaspar
