Answer the question
In order to leave comments, you need to log in
A
A
akdes2020-04-30 10:54:43
akdes, 2020-04-30 10:54:43
Nginx: SSL Session timeout configured one thing, getting another, why?
Hello.
There is nginx, setting, standard:
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_session_timeout 5m;
5 minutes for the test
To test the operation of sessions and check the timeout, I took openssl cli:
openssl s_client -connect my.com:443 -reconnect -no_ticket
As a result, I get several reconnects with confirmation that the session has been reused:
Log
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ***
Session-ID: ***
Session-ID-ctx:
Master-Key: ***
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1588231577
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ***
Session-ID: ***
Session-ID-ctx:
Master-Key: ***
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1588231577
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
But for some reason, Timeout points to 7200. I
tested a couple of other resources, there is even apache, where timeout is set for a day - I also get 7200.
Hence the questions:
Do I compare the right things with each other?
If yes , then where to dig further to set up the necessary timeout for me and it worked correctly on the client.
If not , please tell me how can I check the real session timeout?
Similar questions
U
W
H
F
F
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question