httpd-dev mailing list archives

From Rainer Jung <rainer.j...@kippdata.de>
Subject Re: [PATCH] Support for TLS Session Tickets
Date Fri, 30 Sep 2011 14:42:17 GMT
On 30.09.2011 14:33, Paul Querna wrote:
> On Fri, Sep 30, 2011 at 12:38 AM, Rainer Jung <rainer.jung@kippdata.de> wrote:
>> On 30.09.2011 08:08, Paul Querna wrote:
>>> Hiya,

>> So do we actually need to worry about the keys?
> 
> If you don't set anything, OpenSSL randomly generates a key
> per-SSL_CTX.  This is useful in a single server environment, as it
> generally "just works", and should be less load than using the normal
> ssl session cache.
> 
> The reason you would want to set the keys is so that you can have
> multiple Apache instances terminating SSL.  If they all use the same
> certificate and ticket key, then you can essentially share SSL
> Sessions between nodes without using a cache like memcached, by
> relying upon the client to share state with the other SSL terminator.

Ahh, right, I was actually thinking about a non SSL-sticky balanced
farm, but didn't know how it would behave and forgot to write about it.

Thanks for the info. That would definitely be a nice feature. Would it
be safe to use a statically defined key? Only as long as the config file
is safe?

Regards,

Rainer
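
The key-sharing behaviour described in the quoted reply, as an added sketch that is not part of the original message or of the proposed patch. The `Terminator` class, the 48-byte key split into name, encryption and MAC parts, and the HMAC-based keystream (a stdlib stand-in for the AES encryption real tickets use) are assumptions for illustration; the ticket layout loosely follows the recommended format in RFC 5077.

```python
import hashlib
import hmac
import os

def _keystream(enc_key, iv, length):
    # Stand-in for AES: HMAC-SHA256 in counter mode, so only the stdlib is needed.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

class Terminator:
    """Hypothetical TLS terminator that keeps no server-side session cache."""
    def __init__(self, ticket_key=None):
        # No key configured: generate a random one for this instance only.
        key = ticket_key if ticket_key is not None else os.urandom(48)
        if len(key) != 48:
            raise ValueError("ticket key must be 48 bytes")
        self.name, self.enc_key, self.mac_key = key[:16], key[16:32], key[32:]

    def issue_ticket(self, session_state):
        iv = os.urandom(16)
        ks = _keystream(self.enc_key, iv, len(session_state))
        body = self.name + iv + bytes(a ^ b for a, b in zip(session_state, ks))
        return body + hmac.new(self.mac_key, body, hashlib.sha256).digest()

    def resume(self, ticket):
        """Return the session state, or None (client falls back to a full handshake)."""
        if len(ticket) < 64:
            return None
        body, tag = ticket[:-32], ticket[-32:]
        if not hmac.compare_digest(body[:16], self.name):
            return None  # issued under a key this node does not hold
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit or forged
        iv, ct = body[16:32], body[32:]
        ks = _keystream(self.enc_key, iv, len(ct))
        return bytes(a ^ b for a, b in zip(ct, ks))

def demo():
    shared = os.urandom(48)                      # constructed key given to A and B
    node_a, node_b = Terminator(shared), Terminator(shared)
    node_c = Terminator()                        # default: its own random key
    state = b"constructed-master-secret+cipher"  # constructed session state
    ticket = node_a.issue_ticket(state)
    tampered = ticket[:40] + bytes([ticket[40] ^ 1]) + ticket[41:]
    return node_b.resume(ticket), node_c.resume(ticket), node_b.resume(tampered)
```

Because resumption depends only on holding the key, anyone who can read the shared key can also open every ticket issued under it.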

