httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Querna <p...@querna.org>
Subject Re: TLS session ticket key (shared) renewal
Date Tue, 22 Mar 2016 15:18:18 GMT
My thought was to add support for either multiple files, or multiple values
in the existing `SSLSessionTicketKeyFile`.  Then add support to decrypt
from any of the known keys, and have a setting (or the first loaded key)
would be used to encrypt all new keys.  This would allow for rotation in a
reasonable manner.

On Fri, Mar 18, 2016 at 6:55 AM, Yann Ylavic <ylavic.dev@gmail.com> wrote:

> Currently this can be done by using a (shared) SSLSessionTicketKeyFile
> and gracefuly restarting httpd instances, but there is room for
> improvements here.
>
> Thoughts?
>

Mime
View raw message