Channel: Nginx Forum - How to...

ssl_session_tickets not working

Hi all

I have a project I'm working on which I want to use ssl_session_tickets on, but I can't get it to work. My project is a caching proxy so it's not serving local content. Config (relevant part) is:

listen 443;
ssl on;
ssl_certificate /etc/nginx/current/tls/certs/xxx.crt;
ssl_certificate_key /etc/nginx/current/tls/private/xxx.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers !NULL:!SSLv2:!EXP:!MD5:!aNULL:!PSK:!kEDH:!KRB5:!ADH:!DES:!RC4:!CAMELLIA:AES128:HIGH:3DES;
ssl_ecdh_curve prime256v1;
ssl_buffer_size 4k;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:global_ssl_cache:128m;
ssl_stapling off;
ssl_stapling_verify off;
ssl_session_timeout 20m;
ssl_session_tickets on;
ssl_session_ticket_key /etc/nginx/current/tls/session/tkt.key;
ssl_dhparam /etc/nginx/current/tls/private/dh.param;
keepalive_timeout 300;

I log the $ssl_session_reused variable in my access logs and with the above, I always see a "." (session not reused).

I'm on nginx 1.9.10, compiled from source with OpenSSL 1.0.2e on CentOS 7 on AWS.

Does anyone know why session reuse isn't working? My main thoughts are, could it be due to:

* the requests being proxied, not locally served files
* perhaps my choice of ciphers is an issue

Does anyone have any suggestions? I have a test instance so I can try literally anything.

Thanks in advance!
Neil
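
One way to read the $ssl_session_reused flag mentioned in the post per connection rather than per request, as an added example that is not part of the original post: the flag describes the handshake of the connection, so every request on a keep-alive connection repeats it. The log format `tls_reuse`, the function name `summarize` and the sample log lines are assumptions constructed for illustration.

```python
"""Per-connection TLS resumption rate from an nginx access log (added example)."""
from collections import Counter

# Assumed log_format, not from the post:
#   log_format tls_reuse '$remote_addr $connection $connection_requests '
#                        '$ssl_protocol $ssl_session_reused "$request"';
# Constructed sample lines. $ssl_session_reused is "r" for a resumed session, "." otherwise.
SAMPLE_LOG = """\
198.51.100.7 1001 1 TLSv1.2 . "GET /a HTTP/1.1"
198.51.100.7 1001 2 TLSv1.2 . "GET /b HTTP/1.1"
198.51.100.7 1001 3 TLSv1.2 . "GET /c HTTP/1.1"
198.51.100.7 1002 1 TLSv1.2 r "GET /a HTTP/1.1"
203.0.113.9 1003 1 TLSv1.2 . "GET /a HTTP/1.1"
203.0.113.9 1004 1 TLSv1.2 . "GET /a HTTP/1.1"
malformed line
"""


def summarize(log_text):
    """Count each connection once and report resumption per client address."""
    flag_by_conn = {}      # $connection -> (client, reused flag)
    requests = 0
    for line in log_text.splitlines():
        fields = line.split(" ", 5)
        if len(fields) < 6 or fields[4] not in ("r", "."):
            continue       # skip lines that do not match the assumed format
        client, conn, _, _, flag, _ = fields
        requests += 1
        # The flag belongs to the connection's handshake, so keep-alive
        # requests repeat it; keep one entry per connection.
        flag_by_conn.setdefault(conn, (client, flag))
    handshakes = Counter()
    resumed = Counter()
    for client, flag in flag_by_conn.values():
        handshakes[client] += 1
        resumed[client] += flag == "r"
    # Clients that opened more than one connection and never resumed.
    never = sorted(c for c in handshakes if handshakes[c] > 1 and resumed[c] == 0)
    return {
        "requests": requests,
        "connections": len(flag_by_conn),
        "resumed": sum(resumed.values()),
        "never_resumed_clients": never,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

With a long keepalive_timeout, a per-request count can show mostly "." even when reconnecting clients do resume, so the per-connection figure is the one to compare before and after a configuration change.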
