Session Resumption (caching)

55 views
Skip to first unread message

Garrod Alwood

unread,
Jun 12, 2015, 10:27:53 AM6/12/15
to openlitespee...@googlegroups.com
The open litespeed server doesn't allow for SSL Session Resumption (caching). This means that SSL connections are slower due to not having this feature turned.

Stevo Novkovski

unread,
Jun 29, 2015, 9:11:48 AM6/29/15
to openlitespee...@googlegroups.com
Here is my screenshot : http://prntscr.com/7mouoo
This info is based on comodo positive ssl with chain certificate.
Everything is ok.
OLS v 1.4.10

Garrod Alwood

unread,
Jun 30, 2015, 2:49:43 PM6/30/15
to openlitespee...@googlegroups.com
I just upgraded to 1.4.10 and my SSL Session Resumption (caching) is still No. Did you compile it with any special settings or anything? Also, what version of openssl are you using and did you compile it or use a package manager?

George Wang

unread,
Jun 30, 2015, 3:34:17 PM6/30/15
to openlitespee...@googlegroups.com
Hi,

The SSL session resumption issue is related to the number of worker
processes used, right now, the SHM SSL session cache is disabled now, so
session info are not shared between different worker.

We will turn on the SHM session cache, it will work.

Best regards,
George Wang
> <https://www.ssllabs.com/ssltest/analyze.html?d=charisma-art.com>
>
> --
> You received this message because you are subscribed to the Google
> Groups "OpenLiteSpeed Development" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to openlitespeed-deve...@googlegroups.com
> <mailto:openlitespeed-deve...@googlegroups.com>.
> To post to this group, send email to
> openlitespee...@googlegroups.com
> <mailto:openlitespee...@googlegroups.com>.
> Visit this group at
> http://groups.google.com/group/openlitespeed-development.
> For more options, visit https://groups.google.com/d/optout.

Garrod Alwood

unread,
Jul 2, 2015, 12:37:15 PM7/2/15
to openlitespee...@googlegroups.com
George,

So, if I move OLS to a single worker, it would then pass the SSL Session cache test correct? Also, turning on the cache module will not fix this issue either correct?
> To post to this group, send email to
> openlitespee...@googlegroups.com

George Wang

unread,
Jul 2, 2015, 12:45:35 PM7/2/15
to openlitespee...@googlegroups.com

> So, if I move OLS to a single worker, it would then pass the SSL Session
> cache test correct?
Yes.
Also, turning on the cache module will not fix this
> issue either correct?
correct. page cache has nothing to do with SSL session cache.

Best regards,
George

Garrod Alwood

unread,
Jul 2, 2015, 2:43:32 PM7/2/15
to openlitespee...@googlegroups.com
George,

Thank you for your quick response. Please let me know if and when OLS will have this functionality so that I may upgrade to it. According to my understanding using SSL Session Resumption (cache) can increase the speed of SSL connections significantly. This has been tested and blogged about by cloudflare.
https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure/

George Wang

unread,
Jul 2, 2015, 2:51:32 PM7/2/15
to openlitespee...@googlegroups.com
Nowadays, most SSL clients should have support for session ticket,
http://stackoverflow.com/questions/19939247/ssl-session-tickets-vs-session-ids

share session cache is not that important as session ticket is used.

Best regards,
George Wang

On 7/2/2015 2:43 PM, Garrod Alwood wrote:
> George,
>
> Thank you for your quick response. Please let me know if and when OLS
> will have this functionality so that I may upgrade to it. According to
> my understand using SSL Session Resumption (cache) can increase the
> speed of SSL connections significantly. This has been tested and blogged
> about by cloudflare.
> https://blog.cloudflare.com/tls-session-resumption-full-speed-and-secure/
>
>
> On Thursday, July 2, 2015 at 12:45:35 PM UTC-4, George Wang wrote:
>
>
> > So, if I move OLS to a single worker, it would then pass the SSL
> Session
> > cache test correct?
> Yes.
> Also, turning on the cache module will not fix this
> > issue either correct?
> correct. page cache has nothing to do with SSL session cache.
>
> Best regards,
> George
>
> --
> You received this message because you are subscribed to the Google
> Groups "OpenLiteSpeed Development" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to openlitespeed-deve...@googlegroups.com
> <mailto:openlitespeed-deve...@googlegroups.com>.
> To post to this group, send email to
> openlitespee...@googlegroups.com
> <mailto:openlitespee...@googlegroups.com>.
Reply all
Reply to author
Forward
0 new messages