Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8074:026ee23b6774
SSL: disabled saving tickets to session cache.
OpenSSL tries to save TLSv1.3 sessions into session cache even when using
tickets for stateless session resumption, "because some applications just
want to know about the creation of a session". To avoid trashing session
cache with useless data, we do not save such sessions now.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 12 Oct 2022 20:14:34 +0300 |
| parents | ba5cf8f73a2d |
| children | 38c71f9b2293 |
comparison
equal
deleted
inserted
replaced
| 8073:aa663cc2a77d | 8074:026ee23b6774 |
|---|---|
| 3816 ngx_slab_pool_t *shpool; | 3816 ngx_slab_pool_t *shpool; |
| 3817 ngx_ssl_sess_id_t *sess_id; | 3817 ngx_ssl_sess_id_t *sess_id; |
| 3818 ngx_ssl_session_cache_t *cache; | 3818 ngx_ssl_session_cache_t *cache; |
| 3819 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; | 3819 u_char buf[NGX_SSL_MAX_SESSION_SIZE]; |
| 3820 | 3820 |
| 3821 #ifdef TLS1_3_VERSION | |
| 3822 | |
| 3823 /* | |
| 3824 * OpenSSL tries to save TLSv1.3 sessions into session cache | |
| 3825 * even when using tickets for stateless session resumption, | |
| 3826 * "because some applications just want to know about the creation | |
| 3827 * of a session"; do not cache such sessions | |
| 3828 */ | |
| 3829 | |
| 3830 if (SSL_version(ssl_conn) == TLS1_3_VERSION | |
| 3831 && (SSL_get_options(ssl_conn) & SSL_OP_NO_TICKET) == 0) | |
| 3832 { | |
| 3833 return 0; | |
| 3834 } | |
| 3835 | |
| 3836 #endif | |
| 3837 | |
| 3821 len = i2d_SSL_SESSION(sess, NULL); | 3838 len = i2d_SSL_SESSION(sess, NULL); |
| 3822 | 3839 |
| 3823 /* do not cache too big session */ | 3840 /* do not cache too big session */ |
| 3824 | 3841 |
| 3825 if (len > (int) NGX_SSL_MAX_SESSION_SIZE) { | 3842 if (len > (int) NGX_SSL_MAX_SESSION_SIZE) { |