From: Rainer Jung <rjung@apache.org>
Date: Fri, 22 May 2015 08:21:36 +0000 (+0000)
Subject: Be more precise.
X-Git-Tag: 2.2.30~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff8c722a4936def570df79a4b793953070c130d3;p=thirdparty%2Fapache%2Fhttpd.git

Be more precise.

docs = CTR.

Backport of r1681037 from trunk resp. r1681034 from 2.4.x.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1681035 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml
index d70e1d20154..dfbc0941e09 100644
--- a/docs/manual/mod/mod_ssl.xml
+++ b/docs/manual/mod/mod_ssl.xml
@@ -2004,7 +2004,9 @@ dd if=/dev/random of=/path/to/file.tkey bs=1 count=48
 
 <p>Ticket keys should be rotated (replaced) on a frequent basis,
 as this is the only way to invalidate an existing session ticket -
-OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.</p>
+OpenSSL currently doesn't allow to specify a limit for ticket lifetimes.
+A new ticket key only gets used after restarting the web server.
+All existing session tickets become invalid after a restart.</p>
 
 <note type="warning">
 <p>The ticket key file contains sensitive keying material and should