From 7da0e3ca0ae8a0f96cb255c0b13774d419034699 Mon Sep 17 00:00:00 2001
From: Rainer Jung
Date: Fri, 22 May 2015 08:20:24 +0000
Subject: [PATCH] Be more precise.
Backport of r1681037 from trunk.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1681034 13f79535-47bb-0310-9956-ffa450edef68
---
docs/manual/mod/mod_ssl.xml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index 218a840147..aa9d503ac7 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -2563,7 +2563,9 @@ dd if=/dev/random of=/path/to/file.tkey bs=1 count=48
Ticket keys should be rotated (replaced) on a frequent basis,
as this is the only way to invalidate an existing session ticket -
-OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+A new ticket key only gets used after restarting the web server.
+All existing session tickets become invalid after a restart.
The ticket key file contains sensitive keying material and should
--
2.40.0