My question is, what is the downfall, if any, of setting the timeout to
720m which is 12 hours. Seems like caching longer would be better. Or,
there a security risk of caching for such a long time?
On Fri, Dec 14, 2012 at 01:45:34AM -0500, justin wrote:
Browsing my nginx error log noticed the following logged A LOT:
2012/12/13 21:37:18 [crit] 7968#0: ngx_slab_alloc() failed: no memory in SSL
session shared cache “SSL_CACHE”
If the cache fills, does it flush older entries for new entries? Basically,
how does the SSL cache work exactly?
If there is no memory available in a shared cache, oldest
non-expired session will be dropped. In most cases this will be
enough to create new session, but I wouldn’t rely on this as this
is more an emergency mechanism than a normal behaviour.
Thanks for the reply, so if the oldest cache entries are automatically
purged why am I seeing:
ngx_slab_alloc() failed: no memory in SSL session shared cache
Logged thousands upon thousands of times in my error log? Was this
even though at that time my expiration was 5m, the cache was full, and
couldn’t purge any cache entries because none were expired?
If this is the case, I recommend changing the message from critical
a notice. Basically, just means that SSL connections could not use
they were not failing, just slower. Probably shouldn’t be a critical
Posted at Nginx Forum:
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.