Browse Source

[mod_openssl] disable session cache; prefer ticket

reduce memory usage and overhead

many TLSv1.2 implementations support TLSv1.2 session ticket extension
personal/stbuehler/ci-build
Glenn Strauss 2 years ago
parent
commit
c93ecb32a5
  1. 5
      src/mod_openssl.c

5
src/mod_openssl.c

@ -1598,6 +1598,11 @@ network_init_ssl (server *srv, plugin_config_socket *s, plugin_data *p)
return -1;
}
/* disable session cache; session tickets are preferred */
SSL_CTX_set_session_cache_mode(s->ssl_ctx, SSL_SESS_CACHE_OFF
| SSL_SESS_CACHE_NO_AUTO_CLEAR
| SSL_SESS_CACHE_NO_INTERNAL);
if (s->ssl_empty_fragments) {
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
ssloptions &= ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;

Loading…
Cancel
Save