- tune.sndbuf.server
- tune.ssl.cachesize
- tune.ssl.lifetime
+ - tune.ssl.force-private-cache
- tune.ssl.maxrecord
- tune.zlib.memlevel
- tune.zlib.windowsize
and are shared between all processes if "nbproc" is greater than 1. Setting
this value to 0 disables the SSL session cache.
+tune.ssl.force-private-cache
+ This boolean disables SSL session cache sharing between all processes. It
+ should normally not be used since it will force many renegotiations due to
+ clients hitting a random process. But it may be required on some operating
+ systems where none of the SSL cache synchronization method may be used. In
+ this case, adding a first layer of hash-based load balancing before the SSL
+ layer might limit the impact of the lack of session sharing.
+
tune.ssl.lifetime <timeout>
Sets how long a cached SSL session may remain valid. This time is expressed
in seconds and defaults to 300 (5 min). It is important to understand that it
int cookie_len; /* max length of cookie captures */
#ifdef USE_OPENSSL
int sslcachesize; /* SSL cache size in session, defaults to 20000 */
+ int sslprivatecache; /* Force to use a private session cache even if nbproc > 1 */
unsigned int ssllifetime; /* SSL session lifetime in seconds */
unsigned int ssl_max_record; /* SSL max record size */
#endif
global.tune.chksize = atol(args[1]);
}
#ifdef USE_OPENSSL
+ else if (!strcmp(args[0], "tune.ssl.force-private-cache")) {
+ global.tune.sslprivatecache = 1;
+ }
else if (!strcmp(args[0], "tune.ssl.cachesize")) {
if (*(args[1]) == 0) {
Alert("parsing [%s:%d] : '%s' expects an integer argument.\n", file, linenum, args[0]);
continue;
}
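Review bot: The new `tune.ssl.force-private-cache` branch sets `global.tune.sslprivatecache = 1` without looking at `args[1]`, so a line such as `tune.ssl.force-private-cache off` would still force the private cache. The documentation added in this commit calls the keyword a "boolean", which makes that misreading likely, and the same text says the result is many renegotiations. Consider rejecting a trailing argument in the style of the neighbouring `tune.ssl.cachesize` branch, for example `if (*(args[1]) != 0) { Alert("parsing [%s:%d] : '%s' takes no argument.\n", file, linenum, args[0]); continue; }` ahead of the assignment. The enclosing parser function starts and ends outside this hunk, so the error-exit convention should be checked against the rest of it.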
- alloc_ctx = shared_context_init(global.tune.sslcachesize, (global.nbproc > 1) ? 1 : 0);
+ alloc_ctx = shared_context_init(global.tune.sslcachesize, (!global.tune.sslprivatecache && (global.nbproc > 1)) ? 1 : 0);
if (alloc_ctx < 0) {
if (alloc_ctx == SHCTX_E_INIT_LOCK) {
Warning("Unable to init lock for the shared SSL session cache. Falling back to private cache.\n");