httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Yann Ylavic <ylavic....@gmail.com>
Subject Re: TLS session ticket key (shared) renewal
Date Fri, 18 Mar 2016 14:01:25 GMT
On Fri, Mar 18, 2016 at 2:55 PM, Yann Ylavic <ylavic.dev@gmail.com> wrote:
> Currently this can be done by using a (shared) SSLSessionTicketKeyFile
> and gracefuly restarting httpd instances, but there is room for
> improvements here.
>
> Thoughts?

For the single httpd instance case at least, I'm thinking of
SSLSessionTicketKeyTimeout which could be used for renewing the
key(s), without the need for a scheduled restart.
The key(s) would have to be stored/sync-ed in a SHM (or slotmem)...

Mime
View raw message