authorSergey Kandaurov <pluknet@nginx.com>2025-02-25 19:50:44 +0400
committerpluknet <pluknet@nginx.com>2025-02-26 17:40:03 +0400
commit91245922027767c64e4e6661bf5e7623365c2328 (patch)
tree033d8ff20bdc4f1f23ee6e5dcac6fab5a516f2bb
parent3d7304b527d1fb6eb697eb8719f286ba7b8e90de (diff)
SSL: raised limit for sessions stored in shared memory.
Upstream SSL sessions may be of a noticeably larger size with tickets in TLSv1.2 and older versions, or with "stateless" tickets in TLSv1.3, if a client certificate is saved into the session. Further, certain stateless session resumption implementations may store additional data. One such implementation is JDK, known to also include server certificates in session ticket data, which roughly doubles a decoded session size to slightly beyond the previous limit. While it's believed to be an issue on the JDK side, this change allows such sessions to be saved. Another, innocent case is using RSA certificates with 8192 key size.
-rw-r--r--src/event/ngx_event_openssl.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 25e023b01..b7aaaca75 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -142,7 +142,7 @@ struct ngx_ssl_connection_s {
#define NGX_SSL_DFLT_BUILTIN_SCACHE -5
-#define NGX_SSL_MAX_SESSION_SIZE 4096
+#define NGX_SSL_MAX_SESSION_SIZE 8192
typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t;
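Review bot: `NGX_SSL_MAX_SESSION_SIZE` has no comment saying what it bounds, so the reason for the new value lives only in the commit message. I would add `/* max size of a serialized SSL session accepted for caching; larger sessions are not stored */` above the define. The users of the macro are outside this hunk. If any of them declare on-stack buffers of this size, or if peer-supplied session data can reach the cap, doubling it also doubles per-call stack use and the shared-memory cost of one cached session. A fixed-size cache zone would then hold fewer sessions in the worst case. It is worth confirming those call sites and checking whether the cache-sizing guidance in the documentation needs a matching update.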