[mod_openssl] disable session cache; prefer ticket

reduce memory usage and overhead many TLSv1.2 implementations support TLSv1.2 session ticket extension
3 years ago · c93ecb32a5
parent 83fb1aed6f
commit c93ecb32a5
1 changed files with 5 additions and 0 deletions
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@ -1598,6 +1598,11 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)
            return -1;
        }

+        /* disable session cache; session tickets are preferred */
+        SSL_CTX_set_session_cache_mode(s->ssl_ctx, SSL_SESS_CACHE_OFF
+                                                 | SSL_SESS_CACHE_NO_AUTO_CLEAR
+                                                 | SSL_SESS_CACHE_NO_INTERNAL);
+
        if (s->ssl_empty_fragments) {
          #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
            ssloptions &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;