Extend the scope of SSLSessionCacheTimeout to sessions

author Rainer Jung <rjung@apache.org>

Sun, 13 Jul 2014 22:30:44 +0000 (22:30 +0000)

committer Rainer Jung <rjung@apache.org>

Sun, 13 Jul 2014 22:30:44 +0000 (22:30 +0000)
author Rainer Jung <rjung@apache.org>
Sun, 13 Jul 2014 22:30:44 +0000 (22:30 +0000)
committer Rainer Jung <rjung@apache.org>
Sun, 13 Jul 2014 22:30:44 +0000 (22:30 +0000)
diff --git a/CHANGES b/CHANGES

index 29e3e6c44ae6391beee6ebe6b6d21de30b65a353..8342552217726a7e3b4b0d8167b16efcf660c4e2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.0
  
+  *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
+     resumed by TLS session resumption (RFC 5077). [Rainer Jung]
+
    *) mod_proxy_ajp: Forward local IP address as a custom request attribute
       like we already do for the remote port. [Rainer Jung]
  
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml

index 52be8774e4ff881cac7bce0fa35c23efb4594e6f..73641d3c426d3cbb4218e5abaecfda93554eed31 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -500,7 +500,8 @@ in the Session Cache</description>
  <usage>
  <p>
  This directive sets the timeout in seconds for the information stored in the
-global/inter-process SSL Session Cache and the OpenSSL internal memory cache.
+global/inter-process SSL Session Cache, the OpenSSL internal memory cache and
+for sessions resumed by TLS session resumption (RFC 5077).
  It can be set as low as 15 for testing, but should be set to higher
  values like 300 in real life.</p>
  <example><title>Example</title>
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c

index df9b64b4540bfc57f2bc5418bcab02e0aa149952..71942da4dc27dbbea8735db1a0c413df687dedce 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1468,6 +1468,10 @@ static apr_status_t ssl_init_server_ctx(server_rec *s,
      }
  #endif
  
+    SSL_CTX_set_timeout(sc->server->ssl_ctx,
+                        sc->session_cache_timeout == UNSET ?
+                        SSL_SESSION_CACHE_TIMEOUT : sc->session_cache_timeout);
+
      return APR_SUCCESS;
  }
author	Rainer Jung <rjung@apache.org>
	Sun, 13 Jul 2014 22:30:44 +0000 (22:30 +0000)
committer	Rainer Jung <rjung@apache.org>
	Sun, 13 Jul 2014 22:30:44 +0000 (22:30 +0000)
CHANGES		patch \| blob \| history
docs/manual/mod/mod_ssl.xml		patch \| blob \| history
modules/ssl/ssl_engine_init.c		patch \| blob \| history