[ 
https://issues.apache.org/jira/browse/TS-1146?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839466#comment-13839466
 ] 

James Peach commented on TS-1146:
---------------------------------

OK, I looked more at what http does with session tickets. I agree that it makes 
sense to keep the session ticket key in a separate file.

I don't think that the {{sess_ticket_enabled}} parameter is necessary. The 
presence or absence of a ticket key should be enough to determine whether to 
use session tickets. I thought about whether we should always enable session 
tickets with random data and decided against it since the behavior you have 
here matches httpd.

I think that {{ticket_key_name}} might be a better name for the parameter than 
{{sess_key_filename}} since it is slightly more consistent with the existing 
parameter names.

I see that you attach the ticket key to the SSL context, but I'm not clear on 
how this data is released. Can you point that out to me?

Finally, if you could make a start at documenting this in 
{{doc/reference/configuration/ssl_multicert.config.en.rst}}, that would be very 
helpful. I'd be happy to help polish any text you can contribute.


> RFC 5077 TLS Session tickets
> ----------------------------
>
>                 Key: TS-1146
>                 URL: https://issues.apache.org/jira/browse/TS-1146
>             Project: Traffic Server
>          Issue Type: Improvement
>          Components: SSL
>            Reporter: James Peach
>            Assignee: James Peach
>              Labels: A
>             Fix For: 5.0.0
>
>         Attachments: SSL_CTX_set_tlsext_ticket_key_cb.txt, 
> session_ticket.patch
>
>
> For supporting RFC 5077 TLS Session tickets across an ATS cluster, all the 
> machines need to have the same server ticket.
> See https://github.com/apache/httpd rev 
> 967d943b93498233f0ec81a5b48706fdb6892dfd



--
This message was sent by Atlassian JIRA
(v6.1#6144)
