tokers commented on issue #9525:
URL: https://github.com/apache/apisix/issues/9525#issuecomment-1608793924
As per the RFC 5426:
> Sessions cannot be resumed unless both the client and server agree.
> If either party suspects that the session may have been compromised,
> or that certificates may have expired or been revoked, it should
> force a full handshake.

It seems that APISIX should force a full handshake when the session is
compromised. Currently, APISIX uses the built-in Nginx way to store and reuse
TLS sessions. If we want to fix this behavior, we may need some effort to
change the Nginx core.