Hello! On Thu, Oct 09, 2014 at 10:36:10AM +0200, Richard Fussenegger, BSc wrote:
> Hello Maxim! > > On 9/22/2014 2:38 PM, Maxim Dounin wrote: > >Hello! > > > >On Mon, Sep 22, 2014 at 01:39:43PM +0200, Richard Fussenegger, BSc wrote: > > > >The main problem here is how to share keys between worker > >processes, to ensure different workers will be able to decrypt > >tickets. So automatic rotation of ticket keys will likely require > >shared SSL session cache to be configured as well, and using a SSL > >session cache to store ticket keys. > > Does this mean that a ticket key isn't shared among workers if one is using > a single nginx instance with e.g. four workers? Or is the sharing of that > ticket key handled by a single SSL_CTX in OpenSSL? As of now, ticket keys are created (or read from files specified) during configuration parsing, when SSL_CTX is created. All workers inherit the same configuration from master during fork(), and hence will have identical ticket keys. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
