You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Leif Hedstrom (JIRA)" <ji...@apache.org> on 2016/06/20 16:16:05 UTC
[jira] [Commented] (TS-3371) Should create a global session ticket
disable
[ https://issues.apache.org/jira/browse/TS-3371?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15339821#comment-15339821 ]
Leif Hedstrom commented on TS-3371:
-----------------------------------
I think we have to take a step back here, and decide how we want these session ticket configs to be handles. It's quite a mess now, with the current implementation using the IP instead of the 16-byte identifier string. One option is to just have a global (records.config) ticket secret, and then having this as a global records.config setting also seems like it'd be required.
> Should create a global session ticket disable
> ---------------------------------------------
>
> Key: TS-3371
> URL: https://issues.apache.org/jira/browse/TS-3371
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Susan Hinrichs
> Assignee: Syeda Persia Aziz
> Fix For: sometime
>
>
> The current implementation requires the user to set the ssl_ticket_enabled=0 for every entry in ssl_multiserver.config to turn off the ssl ticket session support.
> It would be better to have a global switch. It seems highly unlikely that someone will want to deploy ssl tickets for some destinations but not others.
> Would also be good to have a switch to disable ATS from offering session tickets when communicating with origin servers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)