Re: SSL session cache lifetime vs session ticket lifetime

2014-07-10 Thread Piotr Sikora
Hey, > Maybe SSL_CTX_set_timeout() should be moved to the beginning of > ngx_ssl_session_cache() then. http://hg.nginx.org/nginx/rev/767aa37f12de Best regards, Piotr Sikora ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listin

Re: SSL session cache lifetime vs session ticket lifetime

2014-07-10 Thread WuBingzheng
ime big enough? Maybe SSL_CTX_set_timeout() should be moved to the beginning of ngx_ssl_session_cache() then. Thanks Wu -- View this message in context: http://nginx.2469901.n2.nabble.com/SSL-session-cache-lifetime-vs-session-ticket-lifetime-tp7588963p7590693.html Sent from the nginx mailing l

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-31 Thread Maxim Dounin
Hello! On Fri, Mar 28, 2014 at 11:38:53PM +0400, Valentin V. Bartenev wrote: > On Thursday 27 March 2014 20:23:15 Maxim Dounin wrote: > > Hello! > > > > On Wed, Mar 26, 2014 at 01:34:19PM +0400, kyprizel wrote: > > > > > will be "log_alloc_failures" better? > > > > I think something like "log_

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-28 Thread Valentin V. Bartenev
On Thursday 27 March 2014 20:23:15 Maxim Dounin wrote: > Hello! > > On Wed, Mar 26, 2014 at 01:34:19PM +0400, kyprizel wrote: > > > will be "log_alloc_failures" better? > > I think something like "log_nomem" will be good enough. > Patch: > > # HG changeset patch > # User Maxim Dounin > # Date

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-28 Thread Maxim Dounin
Hello! On Fri, Mar 28, 2014 at 01:33:28PM +0400, kyprizel wrote: > Will this patch be applied to mainline? Most likely it will, but testing and review are appreciated, as usual. > > > > On Thu, Mar 27, 2014 at 8:23 PM, Maxim Dounin wrote: > > > Hello! > > > > On Wed, Mar 26, 2014 at 01:34

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-28 Thread kyprizel
Will this patch be applied to mainline? On Thu, Mar 27, 2014 at 8:23 PM, Maxim Dounin wrote: > Hello! > > On Wed, Mar 26, 2014 at 01:34:19PM +0400, kyprizel wrote: > > > will be "log_alloc_failures" better? > > I think something like "log_nomem" will be good enough. > Patch: > > # HG changeset

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-27 Thread Maxim Dounin
Hello! On Wed, Mar 26, 2014 at 01:34:19PM +0400, kyprizel wrote: > will be "log_alloc_failures" better? I think something like "log_nomem" will be good enough. Patch: # HG changeset patch # User Maxim Dounin # Date 1395937285 -14400 # Thu Mar 27 20:21:25 2014 +0400 # Node ID 2cc8b9fc7efbf

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-26 Thread kyprizel
will be "log_alloc_failures" better? On Mon, Mar 24, 2014 at 4:10 PM, kyprizel wrote: > Any suggestions to the name? > > > > On Mon, Mar 24, 2014 at 3:56 PM, Maxim Dounin wrote: > >> Hello! >> >> On Mon, Mar 24, 2014 at 02:59:57PM +0400, kyprizel wrote: >> >> > something like this? >> >> Yes,

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-24 Thread kyprizel
Any suggestions to the name? On Mon, Mar 24, 2014 at 3:56 PM, Maxim Dounin wrote: > Hello! > > On Mon, Mar 24, 2014 at 02:59:57PM +0400, kyprizel wrote: > > > something like this? > > Yes, something like. But initialized and with a better name. > > > > > > > On Tue, Mar 18, 2014 at 8:00 PM, Ma

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-24 Thread Maxim Dounin
Hello! On Mon, Mar 24, 2014 at 02:59:57PM +0400, kyprizel wrote: > something like this? Yes, something like. But initialized and with a better name. > > > On Tue, Mar 18, 2014 at 8:00 PM, Maxim Dounin wrote: > > > Hello! > > > > On Tue, Mar 18, 2014 at 03:42:33PM +0400, kyprizel wrote: > >

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-24 Thread kyprizel
something like this? On Tue, Mar 18, 2014 at 8:00 PM, Maxim Dounin wrote: > Hello! > > On Tue, Mar 18, 2014 at 03:42:33PM +0400, kyprizel wrote: > > > What will be the best way to do it? > > Probably a flag in ngx_slab_pool_t will be good enough. > > > > > > > On Tue, Mar 18, 2014 at 3:33 PM, M

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-18 Thread Maxim Dounin
Hello! On Tue, Mar 18, 2014 at 03:42:33PM +0400, kyprizel wrote: > What will be the best way to do it? Probably a flag in ngx_slab_pool_t will be good enough. > > > On Tue, Mar 18, 2014 at 3:33 PM, Maxim Dounin wrote: > > > Hello! > > > > On Tue, Mar 18, 2014 at 03:26:10PM +0400, kyprizel w

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-18 Thread kyprizel
What will be the best way to do it? On Tue, Mar 18, 2014 at 3:33 PM, Maxim Dounin wrote: > Hello! > > On Tue, Mar 18, 2014 at 03:26:10PM +0400, kyprizel wrote: > > > Hi, > > currently SSL session lifetime and SSL ticket lifetime are equal in > nginx. > > > > If we use session tickets with big e

Re: SSL session cache lifetime vs session ticket lifetime

2014-03-18 Thread Maxim Dounin
Hello! On Tue, Mar 18, 2014 at 03:26:10PM +0400, kyprizel wrote: > Hi, > currently SSL session lifetime and SSL ticket lifetime are equal in nginx. > > If we use session tickets with big enough lifetime (12hrs), we get a lot of > error log messages while allocating new sessions in shared memory:

SSL session cache lifetime vs session ticket lifetime

2014-03-18 Thread kyprizel
Hi, currently SSL session lifetime and SSL ticket lifetime are equal in nginx. If we use session tickets with big enough lifetime (12hrs), we get a lot of error log messages while allocating new sessions in shared memory: 2014/03/18 13:36:08 [crit] 18730#0: ngx_slab_alloc() failed: no memory in S