On 03/17/2009 05:55 PM, Joe Orton:
>> That's because Apache's default cache timeout is set to 30 seconds or
>> so. And might be buggy in addition to that.
> The default mod_ssl configuration uses a 300 second timeout, not 30.

Oh yes, actually you are right.

> There's a plea being made here that mod_ssl should cache sessions by
> default for what, hours?  Days?

Depending on the needs of the site, but one hour sounds like something reasonable. In regards to authentication it should be handled as other short-lived sessions I think.

> It seems like a poor trade-off to require a larger memory footprint of
> all the SSL servers in the world, rather than improve Firefox to be a
> bit smarter about caching/allowing-to-be-cached the association between
> a client cert and a given URL prefix or whatever.

Well, yes, despite what I wrote before, I've been arguing at some bugs that Firefox (or NSS for that matter) could make lives easier. I recognize that there are issues around client auth with Firefox (and different issues with other browsers). However I never was able to prove that the problem is with NSS. In my reply to Ian I indicated that we've been working around this problem differently.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
