When using SSL session tickets for TLS session persistence, no session state is supposed to be maintained by a server.
In a configuration with multiple Nginx reverse proxies behind a load balancer that distributes requests round-robin, any server should be able to resume a TLS session with an abbreviated TLS handshake, provided all servers are using the same ssl_session_ticket_key. Is this correct?
Unfortunately it doesn't work as expected for me. As long as subsequent requests are directed to the same Nginx, sessions are resumed by abbreviated handshake.
Once the frontend load balancer switches to a different Nginx, I can observe a full handshake. What do I need to configure to enable the session transition described above? Relevant options currently configured on server level:
proxy_ssl_session_reuse on;
ssl_protocols TLSv1.2;
ssl_dhparam ....pem;
ssl_session_cache shared:SSL:64m;
ssl_session_ticket_key ....key;
ssl_dhparam and ssl_session_ticket_key are pointing to identical files on all Nginx nodes.
Nginx version 1.10.3
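
One way to reproduce the observation per node, bypassing the load balancer (an added example, not part of the original post): save a TLS 1.2 session from one Nginx node with openssl s_client, then offer it back to the same node and to a second one. The node addresses, the SNI name and the script name check.sh are assumptions supplied by the caller; the sample output excerpts are constructed.

```shell
#!/bin/sh
# Added example: does a TLS 1.2 session saved from Nginx node A resume on node B?
# Node addresses and SNI name are caller-supplied assumptions, not from the post.

# Read `openssl s_client` output on stdin and print resumed | full | unknown.
# s_client prints "Reused, <proto>, Cipher is ..." after an abbreviated
# handshake and "New, <proto>, Cipher is ..." after a full one.
classify_handshake() {
  awk '/^Reused, / && !r { r = "resumed" }
       /^New, /    && !r { r = "full" }
       END { print (r ? r : "unknown") }'
}

# Print yes if the s_client output shows a session ticket from the server.
has_ticket() {
  awk '/TLS session ticket:/ { t = 1 } END { print (t ? "yes" : "no") }'
}

# handshake_on NODE SNI SESSFILE MODE   (MODE is -sess_out or -sess_in)
handshake_on() {
  openssl s_client -connect "$1" -servername "$2" -tls1_2 "$4" "$3" \
    </dev/null 2>/dev/null
}

# check_pair NODE_A NODE_B SNI: save a session on A, offer it to A and to B.
check_pair() (
  sess=$(mktemp) || exit 1
  trap 'rm -f "$sess"' EXIT
  echo "ticket issued by $1: $(handshake_on "$1" "$3" "$sess" -sess_out | has_ticket)"
  echo "resume on $1: $(handshake_on "$1" "$3" "$sess" -sess_in | classify_handshake)"
  echo "resume on $2: $(handshake_on "$2" "$3" "$sess" -sess_in | classify_handshake)"
)

# Constructed s_client excerpts for checking the parsers offline.
SAMPLE_FULL='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:'
SAMPLE_RESUMED='Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'

# Usage (addresses are placeholders):
#   ./check.sh 192.0.2.11:443 192.0.2.12:443 www.example.com
if [ "$#" -eq 3 ]; then check_pair "$1" "$2" "$3"; fi
```

A "resumed" result on the first node combined with "full" on the second matches the behaviour described in the question; "ticket issued: no" means the saved session carries no ticket, so same-node resumption came from the session cache.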