Be more precise.

author Rainer Jung <rjung@apache.org>

Fri, 22 May 2015 08:20:24 +0000 (08:20 +0000)

committer Rainer Jung <rjung@apache.org>

Fri, 22 May 2015 08:20:24 +0000 (08:20 +0000)
author Rainer Jung <rjung@apache.org>
Fri, 22 May 2015 08:20:24 +0000 (08:20 +0000)
committer Rainer Jung <rjung@apache.org>
Fri, 22 May 2015 08:20:24 +0000 (08:20 +0000)
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml

index 218a840147ac140c59b475939fc4baa2c9a2f038..aa9d503ac702e7da595f303995342f9e63079714 100644 (file)
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -2563,7 +2563,9 @@ dd if=/dev/random of=/path/to/file.tkey bs=1 count=48
  
  <p>Ticket keys should be rotated (replaced) on a frequent basis,
  as this is the only way to invalidate an existing session ticket -
-OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.</p>
+OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+A new ticket key only gets used after restarting the web server.
+All existing session tickets become invalid after a restart.</p>
  
  <note type="warning">
  <p>The ticket key file contains sensitive keying material and should
author	Rainer Jung <rjung@apache.org>
	Fri, 22 May 2015 08:20:24 +0000 (08:20 +0000)
committer	Rainer Jung <rjung@apache.org>
	Fri, 22 May 2015 08:20:24 +0000 (08:20 +0000)