SSL: raised limit for sessions stored in shared memory.

Upstream SSL sessions may be of a noticeably larger size with tickets
in TLSv1.2 and older versions, or with "stateless" tickets in TLSv1.3,
if a client certificate is saved into the session.  Further, certain
stateless session resumption implemetations may store additional data.

Such one is JDK, known to also include server certificates in session
ticket data, which roughly doubles a decoded session size to slightly
beyond the previous limit.  While it's believed to be an issue on the
JDK side, this change allows to save such sessions.

Another, innocent case is using RSA certificates with 8192 key size.

diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index 25e023b0174db5215b0e4a1fe08ef80c5ea66f6d..b7aaaca7512de1128b641c79c1fb89c4a0e629b7 100644 (file)
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -142,7 +142,7 @@ struct ngx_ssl_connection_s {
 #define NGX_SSL_DFLT_BUILTIN_SCACHE  -5
 
 
-#define NGX_SSL_MAX_SESSION_SIZE  4096
+#define NGX_SSL_MAX_SESSION_SIZE  8192
 
 typedef struct ngx_ssl_sess_id_s  ngx_ssl_sess_id_t;