id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
120	RFC5077 stateless tls session tickets	Daniel Black	somebody	"As nginx's design wants to use constant memory allocating a large block of shared memory for session tickets isn't in keeping with that. In RFC5077 it describes how a web server needs to only maintain a small number of aes encryption keys (for allowing tls sessions always available as aes keys expire ) that are shared between all ssl session. The clients will maintain an initialisation vector.

OpenSSL has a callback SSL_CTX_set_tlsext_ticket_key_cb that came out in release 0.9.8h that assists with this function. Can't find its documentation? I wrote some for this:  http://rt.openssl.org/Ticket/Display.html?id=2697

If client certificates are used then an amount of memory will need to map a client state to the client certificate (which won't be sent when ssl session tickets are used)."	enhancement	closed	minor		nginx-module	1.0.x	fixed	ssl tls tickets session			not applicable