Hi,
> Just to be perfectly clear: does that mean that session tickets are > supported for any version of nginx (including <v1.5.9), provided > OpenSSL 0.9.8f is available? Yes. > So the directive would be kind of 'intercepting' TLS commands, a man in > the middle of client and OpenSSL? No, the feature [1] sets SSL_OP_NO_TICKET [2], which instructs OpenSSL to NOT use TLS tickets. By default, OpenSSL uses tickets. > The only information for ssl_session_timout is “Specifies a time during > which a client may reuse the session parameters stored in a cache.” > It does not say anything about purging the TLS/SSL Cache which is my > concern here. I don't think the sessions are purged, its probably an LRU. Lukas [1] http://hg.nginx.org/nginx/rev/d049b0ea00a3 [2] https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
