Add support for SSL/TLS session tickets
Bug #1866746 reported by
Haw Loeung
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Content Cache Charm |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
Hi,
To reduce CPU usage in SSL/TLS session handshaking, let's enable use of session tickets. This will allow us to increase the number of requests we can handle. See:
| https:/
One idea is to expose the ticket key as a charm config variable so it can be easily rotated out semi-frequently and also will remain consistent across the units (and preferably
not persisting to disk).
Changed in content-cache-charm: | |
importance: | Undecided → Wishlist |
status: | New → Triaged |
To post a comment you must log in.
Per Joel's comment in MP:380460:
"""
Also, as discussed, it would be preferable to use session tickets which removes the need for state to be stored on the servers and allows session resumption across all frontends if they share keys. The challenge is ensuring frequent rotation and preferably not persisting ticket keys to disk.
"""