<p>Ticket keys should be rotated (replaced) on a frequent basis,
as this is the only way to invalidate an existing session ticket -
-OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.</p>
+OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+A new ticket key only gets used after restarting the web server.
+All existing session tickets become invalid after a restart.</p>
<note type="warning">
<p>The ticket key file contains sensitive keying material and should
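Review bot: The added sentence "All existing session tickets become invalid after a restart." is unconditional, so a reader cannot tell whether it applies only when the key file was replaced before the restart or to every restart. Since it follows "A new ticket key only gets used after restarting the web server.", suggest tying it to the rotation, for example "After a restart with a new key, tickets issued under the old key become invalid." It would also help to say whether a graceful restart is sufficient. Minor wording point, since the line is being rewritten anyway: "doesn't allow to specify a limit" should read "doesn't allow specifying a limit", and the " -" left at the end of the preceding context line now runs into that sentence.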