Hey Maxim, > Huh? > > The SSL_CTX_set_timeout is a function which is documented to > "manipulate timeout values for session caching" [1], and it looks > quite reasonable for me to be set in a block responsible for > session cache logic. > > I would rather think about TLS Session Tickets as a specific way > to cache sessions.
Session cache (server-side) and Session Tickets (client-side) are two different approaches to do the session resumption. Session timeout (at least in OpenSSL) applies to both of them, but existing nginx code (and your patch) calls SSL_CTX_set_timeout() within session cache (server-side) code block, even though session timeout is used in setups without session cache (server-side). But if you disagree with my logic, then feel free to commit your patch, you're the gatekeeper so I'm fine with that. > [1] http://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html OpenSSL documentation is terrible and a lot of time outdated, I wouldn't be surprised if this was written before Session Tickets support was added. Best regards, Piotr Sikora _______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
