Re: TLS session resumption (identifier)

2016-03-04 Thread Igor Sysoev
On 04 Mar 2016, at 13:30, B.R. wrote: > On Fri, Mar 4, 2016 at 11:19 AM, Igor Sysoev wrote: > Sorry, I meant there is no performance difference between “none” and “off” > settings. > > Well, the client believes he should remember every session ID and

Re: TLS session resumption (identifier)

2016-03-04 Thread B.R.
On Fri, Mar 4, 2016 at 11:19 AM, Igor Sysoev wrote: > Sorry, I meant there is no performance difference between “none” and “off” > settings. > Well, the client believes he should remember every session ID and store it somewhere for nothing, reading/resending/writing it on every

Re: TLS session resumption (identifier)

2016-03-04 Thread Igor Sysoev
On 04 Mar 2016, at 12:55, B.R. wrote: > On Fri, Mar 4, 2016 at 10:33 AM, Igor Sysoev wrote: >> But still, advertising something without actually supporting it must lead to >> cases where sessions reuse is believed to take place without ever happening,

Re: TLS session resumption (identifier)

2016-03-04 Thread B.R.
On Fri, Mar 4, 2016 at 10:33 AM, Igor Sysoev wrote: > But still, advertising something without actually supporting it must lead > to cases where sessions reuse is believed to take place without ever > happening, harming performance... that was probably happening in versions < >

Re: TLS session resumption (identifier)

2016-03-04 Thread B.R.
Thanks Igor, that makes the whole thing crystal clear! What saves us there is the fact that, if I understand it well, the RFC 5077 states the server decides by itself on the use of tickets and those have precedence over identifiers. But still,

Re: TLS session resumption (identifier)

2016-03-03 Thread Igor Sysoev
On 03 Mar 2016, at 18:42, B.R. wrote: > Thanks, Maxim. > > You were right: I did my tests improperly... > > What is the use of the 'none' value then? Should not there be only the 'off' > one? > There must be some benefit to it, but I fail to catch it. Initially it

Re: TLS session resumption (identifier)

2016-03-03 Thread B.R.
Thanks, Maxim. You were right: I did my tests improperly... What is the use of the 'none' value then? Should not there be only the 'off' one? There must be some benefit to it, but I fail to catch it. --- *B. R.* On Thu, Mar 3, 2016 at 2:29 PM, Maxim Dounin wrote: > Hello!

Re: TLS session resumption (identifier)

2016-03-03 Thread Maxim Dounin
Hello! On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote: > Based on the default value of ssl_session_cache > , > nginx does not store any session parameter, but allows client with the > right Master Key to reuse their