Changeset 7105869 in mod_gnutls


Ignore:
Timestamp:
Sep 29, 2018, 5:47:04 PM (2 years ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
debian/master, master, proxy-ticket
Children:
ed5d2b8
Parents:
b4eef18
Message:

Update GnuTLSCache documentation

File:
1 edited

Legend:

Unmodified
Added
Removed

  • doc/mod_gnutls_manual.mdwn

    rb4eef18 r7105869  
    7171Configure TLS Session Cache
    7272
    73     GnuTLSCache [dbm|gdbm|memcache|none] [PATH|SERVERLIST|-]
     73    GnuTLSCache (shmcb|dbm|memcache|...|none)[:PARAMETERS]
    7474
    7575Default: `GnuTLSCache none`\
    7676Context: server config
    7777
    78 This directive configures the TLS Session Cache for `mod_gnutls`.
    79 This could be shared between machines of different architectures. If a
    80 DBM cache is used, access is serialized using the `gnutls-cache`
    81 mutex. Which DBM types are available is part of the APR (Apache
    82 Portable Runtime) compile time configuration.
    83 
    84 `dbm` (Requires Berkeley DBM)
    85 :   Uses the Berkeley DB backend of APR DBM to cache TLS Session
    86         data.
    87 
    88         The argument is a relative or absolute path to be used as
    89     the DBM Cache file. This is compatible with most operating
    90     systems.
    91 
    92 `gdbm` (Requires GDBM)
    93 :   Uses the GDBM backend of APR DBM to cache TLS Session data.
    94 
    95     The argument is a relative or absolute path to be used as the DBM
    96     Cache file.
     78This directive configures the TLS Session Cache for `mod_gnutls`. This
     79could be shared between machines of different architectures. If the
     80selected cache implementation is not thread-safe, access is serialized
     81using the `gnutls-cache` mutex.
     82
     83Which cache implementations are available depends on your Apache
     84installation and configuration, `mod_gnutls` can use any socache
     85provider. In general you will need to load a `mod_socache_PROVIDER`
     86module. Common options are described below, please check the Apache
     87HTTPD documentation for details on available providers and their
     88configuration.
     89
     90`shmcb`
     91:   Uses a shared memory segment. This is a high performance local
     92    cache. The parameter is a relative or absolute path to be used if
     93    the local shared memory implementation requires one, followed by
     94    the cache size in bytes enclosed in parentheses.
     95
     96    Example: `shmcb:cache/gnutls_cache(65536)`
     97
     98`dbm`
     99:   Uses a DBM cache file. The parameter is a relative or absolute
     100    path to be used as the DBM cache file.
     101
     102    Example: `dbm:cache/gnutls_cache`
    97103
    98104`memcache`
    99 :   Uses memcached server(s) to cache TLS Session data.
    100 
    101     The argument is a space separated list of servers. If no port
    102     number is supplied, the default of 11211 is used.  This can be
    103     used to share a session cache between all servers in a cluster.
     105:   Uses memcached server(s) to cache TLS session data. The parameter
     106    is a comma separated list of servers (host:port). This can be used
     107    to share a session cache between all servers in a cluster.
     108
     109    Example: `memcache:memcache.example.com:12345,memcache2.example.com:12345`
    104110
    105111`none`
    106 :   Turns off all caching of TLS Sessions.
    107 
    108     This can significantly reduce the performance of `mod_gnutls` since
    109     even followup connections by a client must renegotiate parameters
    110     instead of reusing old ones.  This is the default, since it
    111     requires no configuration.
     112:   Turns off all caching of TLS sessions.
     113
     114    This can significantly reduce the performance of `mod_gnutls`
     115    since even followup connections by a client must renegotiate
     116    parameters instead of reusing old ones. This is the default, since
     117    it requires no configuration.
     118
     119    Session tickets are an alternative to using a session cache,
     120    please see `GnuTLSSessionTickets`. Note that for TLS 1.3 GnuTLS
     121    supports resumption using session tickets only as of version
     122    3.6.4.
    112123
    113124### GnuTLSCacheTimeout
     
    723734     # Load the module into Apache.
    724735     LoadModule gnutls_module modules/mod_gnutls.so
    725      GnuTLSCache gdbm /var/cache/www-tls-cache
     736     GnuTLSCache dbm:/var/cache/www-tls-cache
    726737     GnuTLSCacheTimeout 500
    727738
     
    840851     # Load the module into Apache.
    841852     LoadModule gnutls_module modules/mod_gnutls.so
    842      GnuTLSCache memcache "192.0.2.1:11211 192.0.2.2:11211"
     853     GnuTLSCache memcache:192.0.2.1:11211,192.0.2.2:11211
    843854     GnuTLSCacheTimeout 600
    844855
Note: See TracChangeset for help on using the changeset viewer.