git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 8f702a5) | patch

author	Dirkjan Bussink <d.bussink@gmail.com>
	Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)
committer	Dirkjan Bussink <d.bussink@gmail.com>
	Fri, 10 Jan 2014 15:12:40 +0000 (16:12 +0100)
commit	58a240d7735652138da46c64b5eb9e661e5533f5
tree	25adc7dab79259f7609804a14ba651d6dae5f992	tree \| snapshot
parent	8f702a573a28622a855ad83d28f49270232b7ad3	commit \| diff

SSL: ssl_session_tickets directive.

This adds support so it's possible to explicitly disable SSL Session
Tickets. In order to have good Forward Secrecy support either the
session ticket key has to be reloaded by using nginx' binary upgrade
process or using an external key file and reloading the configuration.
This directive adds another possibility to have good support by
disabling session tickets altogether.

If session tickets are enabled and the process lives for a long a time,
an attacker can grab the session ticket from the process and use that to
decrypt any traffic that occured during the entire lifetime of the
process.

src/http/modules/ngx_http_ssl_module.c		diff \| blob \| history
src/http/modules/ngx_http_ssl_module.h		diff \| blob \| history
src/mail/ngx_mail_ssl_module.c		diff \| blob \| history
src/mail/ngx_mail_ssl_module.h		diff \| blob \| history

nginx upstream