id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 1674 SSL session ID is not reused when other server disable session cache ruoshan@… "the following command failed to reuse the SSL session ID, when nginx is configured like the following. {{{ openssl s_client -connect 127.0.0.1:8443 -no_ticket -servername ""two.test.me"" -reconnect }}} corresponding nginx conf: {{{ daemon off; master_process off; events { worker_connections 1024; } http { server { listen 8443 ssl; server_name one.test.me; #ssl_session_cache shared:my_cache:10m; ssl_certificate ./certs/cert-wild.pem; ssl_certificate_key ./certs/key-wild.pem; ssl_session_timeout 5m; location / { return 201; } } server { listen 8443 ssl; server_name two.test.me; ssl_session_cache shared:my_cache:10m; ssl_certificate ./certs/cert-wild.pem; ssl_certificate_key ./certs/key-wild.pem; ssl_session_timeout 5m; location / { return 202; } } } }}} the ""bug"" causing this seems to be in the `ngx_http_ssl_servername`. that func didn't update the `c->ssl->connection->session_ctx` to the right one after we have the SNI info. it still use the ""first"" ssl session CTX of the first server block. may be it should be fixed in openssl." defect closed minor other 1.15.x invalid "nginx version: nginx/1.15.6 built by clang 10.0.0 (clang-1000.11.45.5) built with OpenSSL 1.0.2p 14 Aug 2018 TLS SNI support enabled configure arguments: --prefix=/usr/local/Cellar/nginx/1.15.6 --sbin-path=/usr/local/Cellar/nginx/1.15.6/bin/nginx --with-cc-opt='-I/usr/local/opt/pcre/include -I/usr/local/opt/openssl/include' --with-ld-opt='-L/usr/local/opt/pcre/lib -L/usr/local/opt/openssl/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/run/nginx.lock --http-client-body-temp-path=/usr/local/var/run/nginx/client_body_temp --http-proxy-temp-path=/usr/local/var/run/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/var/run/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/var/run/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/var/run/nginx/scgi_temp --http-log-path=/usr/local/var/log/nginx/access.log --error-log-path=/usr/local/var/log/nginx/error.log --with-debug --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-ipv6 --with-mail --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module"