This setting has no affect on the ATS session cache implementation, only the OpenSSL implementation. But you're correct in your assessment. So with this option someone will need to force flush. This is something we plan on exposing via a new API.
"Normally the session cache is checked for expired sessions every 255 connections using the SSL_CTX_flush_sessions(3) <https://www.openssl.org/docs/ssl/SSL_CTX_flush_sessions.html#> function. Since this may lead to a delay which cannot be controlled, the automatic flushing may be disabled and SSL_CTX_flush_sessions(3) <https://www.openssl.org/docs/ssl/SSL_CTX_flush_sessions.html#> can be called explicitly by the application." On Friday, October 10, 2014, Leif Hedstrom <zw...@apache.org> wrote: > > On Oct 10, 2014, at 1:46 PM, bri...@apache.org <javascript:;> wrote: > > > > > + > > +.. ts:cv:: CONFIG proxy.config.ssl.session_cache.auto_clear INT 1 > > + > > + This will set the OpenSSL auto clear flag. Auto clear is enabled by > > + default with ``1`` it can be disabled by changing this setting to > ``0``. > > > > .. ts:cv:: CONFIG proxy.config.ssl.session_cache.size INT 102400 > > > > > > > What’s the effect of turning off this new setting? Does that leave the > session cache in a state where it grows boundless? Does it leave it up to > ATS itself to clear it? And if so, do we? Or can a plugin be implemented to > clear the cache? > > — Leif > >
