Thank you very much for your answer and sorry for the US media political
So, if I understand correctly, using ssl_session_timeout makes sure that
after the specified amount of time, the TLS/SSL Sessions will be
removed/purged from the TLS/SSL Shared Cache?
Is that correct?
From: nginx [mailto:[email protected]] On Behalf Of B.R.
Sent: lundi 11 avril 2016 13:23
To: nginx ML [email protected]
Subject: Re: TLS/SSL Cache Automatic Purge
Sounds like US media political messages: ‘I am Arnaud, and I approve
this message’. That said, welcome!
You will have to write your own module if you want to manually delete
TLS sessions parameters instead of letting them expire after 10 minutes.
You could also emulate this daily purge by keeping stock nginx but
albeit I for one do not recommend such settings since sessions
parameters should probably not be remembered that long for several
On a side-note, by default nginx does not store session parameters as it
, supported since v1.5.9, over sessions ID.
The former is a more recent mechanism than the latter, and has the
notable benefit of storing session parameters client-side, which scales,
avoids cache management trouble as yours and some other ones. There are
about that in the Web tubes.
Why not sticking with those defaults (or even set ssl_session_cache to
off to be absolutely clear)?
On Mon, Apr 11, 2016 at 10:41 AM, Arnaud Van der Vorst
<[email protected] mailto:[email protected] > wrote:
My name is Arnaud and I am new to the list.
I would like to know if NGINX is using any automatic purge mechanism for
its TLS/SSL Cache configured using the following directives:
I understand that a daily purge of TLS/SSL Cache is highly recommended
to avoid breaking Perfect Forward Secrecy of the TLS Protocol.
If it does NOT use automatic purge, how can I purge the Shared cache
used by NGINX then?
Are there any command line tools for that purpose?
Thank you very much in advance for your answer and have a nice day!