Sn0rt commented on issue #9525: URL: https://github.com/apache/apisix/issues/9525#issuecomment-1659869813
@wangkpot We are now using a fixed ssl_session_timeout: https://github.com/apache/apisix/blob/455d5bfac93ed1b16bc9d0209bb29143c22a5585/apisix/cli/ngx_tpl.lua#L626 So it is indeed possible that the cert expires but the ssl session can still be reused. The solution is indeed as what @tokers said before, a measure of cert expiration is needed to dynamically change ssl_session_timeout, which requires a certain amount of work: https://github.com/apache/apisix/issues/9525#issuecomment-1608851793 Based on the above reasons, it is concluded that: APISIX will ignore this issues. In a production environment, certificates are generally replaced 30 days before expiration. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
