On 6/9/2016 7:00 PM, Brandon Black wrote:
> On Thu, Jun 9, 2016 at 4:53 PM, Richard Fussenegger
> wrote:
>> Note that a solution for session ticket key rotation is actually trivial:
> Definitely agreed that a ticket-based solution is much better. The
> problem is that we still face a significant
On Thu, Jun 9, 2016 at 4:53 PM, Richard Fussenegger
wrote:
> Note that a solution for session ticket key rotation is actually trivial:
Definitely agreed that a ticket-based solution is much better. The
problem is that we still face a significant volume of real-world
browser clients that fail to
Note that a solution for session ticket key rotation is actually trivial:
https://github.com/Fleshgrinder/nginx-session-ticket-key-rotation
http://richard.fussenegger.info/ma/masters-thesis-web-signed.pdf#107
The second link contains some more info on the actual implementation and the
relevant
This topic has been brought up before here on the forums with no response [1].
The blog post linked there from Tim Taubert [2] suggests that entries
in an ssl_session_cache (and let's presume the common case here that
it's a shm cache) don't get explicitly purged on expiry. It seems to
be backed
