On Fri, Mar 18, 2016 at 2:55 PM, Yann Ylavic <[email protected]> wrote:
> Currently this can be done by using a (shared) SSLSessionTicketKeyFile
> and gracefully restarting httpd instances, but there is room for
> improvements here.
>
> Thoughts?

For the single httpd instance case at least, I'm thinking of SSLSessionTicketKeyTimeout which could be used for renewing the key(s), without the need for a scheduled restart. The key(s) would have to be stored/sync-ed in a SHM (or slotmem)...
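
A sketch of the timeout-based key renewal proposed in the message above, added here as an example and not code from the message or from httpd. `TicketKeyRing` is a hypothetical in-process stand-in for the SHM/slotmem store, and keeping a retired key for one extra timeout period (so tickets issued just before a renewal still decrypt) is an assumption.

```python
import secrets

KEY_LEN = 48    # same size as the key material in an SSLSessionTicketKeyFile
NAME_LEN = 16   # leading bytes used as the key name carried in each ticket


class TicketKeyRing:
    """Hypothetical in-memory stand-in for the shared (SHM/slotmem) key store."""

    def __init__(self, timeout, now):
        self.timeout = timeout      # seconds a key is used for new tickets
        self.keys = []              # newest first: (created_at, key_bytes)
        self._add(now)

    def _add(self, now):
        self.keys.insert(0, (now, secrets.token_bytes(KEY_LEN)))

    def maintain(self, now):
        """Renew the active key after `timeout`; retire keys after 2 * timeout."""
        if now - self.keys[0][0] >= self.timeout:
            self._add(now)
        # Assumption: tickets live at most `timeout`, so a key is kept for one
        # further period after it stops issuing tickets, then dropped.
        self.keys = [k for k in self.keys if now - k[0] < 2 * self.timeout]

    def active(self, now):
        """Key used to encrypt newly issued tickets."""
        self.maintain(now)
        return self.keys[0][1]

    def find(self, key_name, now):
        """Key for decrypting a presented ticket, or None if it was retired."""
        self.maintain(now)
        for _, key in self.keys:
            if secrets.compare_digest(key[:NAME_LEN], key_name):
                return key
        return None
```

A ticket whose key name no longer resolves is simply rejected, and the client falls back to a full handshake.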
