"David Harris" <[EMAIL PROTECTED]> writes:
> Of Ralf S. Engelschall wrote:
> > Hmmm... I've no great opinion on this issue. I can see reasonable arguments
> > for both keeping the DBM file and truncating it. At least I've no objection
> > on using O_TRUNC or doing an unlink before ssl_dbm_open in
> > ssl_scache_dbm_init. What is the opinion of others?
>
> Heck, I don't change the allowed ciphers really at all, so I'm not going to get
> bitten. I do like to see the sessions preserved over restarts, because that's
> the whole purpose of a cache.

How often is your server re-started?

>
> What about applying the allowed cipher mask to sessions grabbed from the cache?
> Or something like storing the cipher mask in the database and clearing the
> cache only when it changes.

Err... but if preserving the cache means that the server *will* behave
differently than from how it is configured, then the cache *should* be
cleared. This is sort of like not having your .c's dependent on your
Makefile IMHO.

I suppose you could run through all the cache entries and make sure they
jibe with the server's configuration, and then remove the ones that
don't. Or you could just add an option to mod_ssl to unlink, or not, the
cache files on starts and re-starts. With the default set to the current
behavior.

-Tom
--
Tom Vaughan <tvaughan at aventail dot com>
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
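
The two options raised in this thread (store the cipher mask in the database and clear the cache only when it changes, or walk the entries and remove the ones that no longer match the configuration), as an added Python example that is not mod_ssl code. Assumptions: `dbm.dumb` stands in for the DBM file, and `CONFIG_KEY`, the `cipher|blob` value layout, the function names and the sample sessions are all constructed for illustration.

```python
import dbm.dumb
import hashlib
import os
import tempfile

CONFIG_KEY = b"__cipher_config__"  # hypothetical reserved key, not a mod_ssl name

def config_fingerprint(allowed_ciphers):
    """Order-independent digest of the configured cipher list."""
    canon = ":".join(sorted(allowed_ciphers)).encode()
    return hashlib.sha256(canon).hexdigest().encode()

def open_cache(path, allowed_ciphers):
    """Open the cache; purge every session if the stored fingerprint differs.
    Returns (db, number_of_sessions_purged)."""
    db = dbm.dumb.open(path, "c")
    want = config_fingerprint(allowed_ciphers)
    purged = 0
    if db.get(CONFIG_KEY) != want:
        for key in list(db.keys()):
            if key != CONFIG_KEY:
                del db[key]
                purged += 1
        db[CONFIG_KEY] = want
    return db, purged

def scrub(db, allowed_ciphers):
    """Alternative: drop only sessions whose cipher is no longer allowed."""
    allowed = {c.encode() for c in allowed_ciphers}
    stale = [k for k in db.keys()
             if k != CONFIG_KEY and db[k].split(b"|", 1)[0] not in allowed]
    for k in stale:
        del db[k]
    return len(stale)

def demo():
    path = os.path.join(tempfile.mkdtemp(), "scache")
    db, _ = open_cache(path, ["AES256-SHA", "RC4-MD5"])
    db[b"sid1"] = b"AES256-SHA|blob1"  # constructed sample sessions
    db[b"sid2"] = b"RC4-MD5|blob2"
    db.close()
    db, purged_same = open_cache(path, ["RC4-MD5", "AES256-SHA"])  # restart, same config
    scrubbed = scrub(db, ["AES256-SHA"])  # per-entry check against a narrowed list
    survivors = sorted(k for k in db.keys() if k != CONFIG_KEY)
    db.close()
    db, purged_changed = open_cache(path, ["AES256-SHA"])  # restart, changed config
    db.close()
    return purged_same, scrubbed, survivors, purged_changed

if __name__ == "__main__":
    print(demo())
```

The fingerprint check keeps sessions across restarts with an unchanged cipher list and discards them all when the list changes; the per-entry scrub keeps sessions that are still permitted under the new list.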