IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-01-06 22:23:00 -06:00
Code Issues Packages Projects Releases Wiki Activity

SSL: disabled saving tickets to session cache.

Browse Source 
OpenSSL tries to save TLSv1.3 sessions into session cache even when using
tickets for stateless session resumption, "because some applications just
want to know about the creation of a session".  To avoid trashing session
cache with useless data, we do not save such sessions now.
This commit is contained in:
Maxim Dounin 2022-10-12 20:14:34 +03:00
parent f27af85016
commit 23ce9baf0e
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/event/ngx_event_openssl.c
View File

@ -3818,6 +3818,23 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess)
ngx_ssl_session_cache_t *cache;
u_char buf[NGX_SSL_MAX_SESSION_SIZE];
#ifdef TLS1_3_VERSION
/*
* OpenSSL tries to save TLSv1.3 sessions into session cache
* even when using tickets for stateless session resumption,
* "because some applications just want to know about the creation
* of a session"; do not cache such sessions
*/
if (SSL_version(ssl_conn) == TLS1_3_VERSION
&& (SSL_get_options(ssl_conn) & SSL_OP_NO_TICKET) == 0)
{
return 0;
}
#endif
len = i2d_SSL_SESSION(sess, NULL);
/* do not cache too big session */