- Timestamp:
- Jun 20, 2016, 2:51:01 PM (3 years ago)
- Branches:
- debian/master, debian/stretch-backports, master, upstream
- Children:
- 743e31f
- Parents:
- 5a5032f
- git-author:
- Thomas Klute <thomas2.klute@…> (06/20/16 13:29:13)
- git-committer:
- Thomas Klute <thomas2.klute@…> (06/20/16 14:51:01)
- File:
-
- 1 edited
-
doc/mod_gnutls_manual.mdwn (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
doc/mod_gnutls_manual.mdwn
r5a5032f re9ef72c 133 133 134 134 To avoid storing data for TLS session resumption it is allowed to 135 provide client with a ticket, to use on return. Use for servers with 136 limited storage, and don't combine with GnuTLSCache. For a pool of 137 servers this option is not recommended since the tickets are unique 138 for the issuing server only. 139 135 provide client with a ticket, to use on return. Tickets are an 136 alternative to using a session cache, mostly used for busy servers 137 with limited storage. For a pool of servers this option is not 138 recommended since the tickets are bound to the issuing server only. 139 140 If this option is set in the global configuration, virtual hosts 141 without a `GnuTLSSessionTickets` setting will use the global setting. 142 143 *Warning:* Currently the master key that protects the tickets is 144 generated only on server start, and there is no mechanism to roll over 145 the key. If session tickets are enabled it is highly recommened to 146 restart the server regularly to protect past sessions in case an 147 attacker gains access to server memory. 140 148 141 149 `GnuTLSCertificateFile` … … 685 693 # This could also be 'Listen *:443', 686 694 # just like '*:80' is common for non-https 687 # No caching. Enable session tickets. Timeout is still used for688 # ticket expiration.689 GnuTLSCacheTimeout 600690 695 # This tells apache, that for this IP/Port combination, we want to use 691 696 # Name Based Virtual Hosting. In the case of Server Name Indication,
Note: See TracChangeset
for help on using the changeset viewer.
