by jvehent
4628 days ago
Nginx has a patch to store them in memcache, for what it's worth. It's far from ideal, but at least it's not persistent storage.
The standard is still to point clients to a single termination endpoint, and do active/passive cluster, so that there's no need to share the session tickets. I still believe that using PFS, even with this limitation, is safer than encrypting pre-master keys with a single private key that almost never rotates and is stored on plenty of servers.

>> I still believe that using PFS, even with this limitation, is safer ...
I definitely agree, the problem is that usually there is more than 1 web server :-)
>> The standard is still to point clients to a single termination endpoint, and do active/passive cluster, so that there's no need to share the session tickets.
Sorry, I did not understand (esp. the active/passive cluster thing) - could you please maybe add some pointers (blog post, etc.) with more details?