changeset 8079:f106f4a68faf
SSL: explicit clearing of expired sessions.
This reduces lifetime of session keying material in server's memory, and
therefore can be beneficial from forward secrecy point of view.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 12 Oct 2022 20:14:43 +0300 |
| parents | 5244d3b165ff |
| children | bf02161f291e |
| files | src/event/ngx_event_openssl.c |
| diffstat | 1 files changed, 6 insertions(+), 0 deletions(-) |
--- a/src/event/ngx_event_openssl.c Wed Oct 12 20:14:40 2022 +0300 +++ b/src/event/ngx_event_openssl.c Wed Oct 12 20:14:43 2022 +0300 @@ -4031,6 +4031,8 @@ ngx_rbtree_delete(&cache->session_rbtree, node); + ngx_explicit_memzero(sess_id->session, sess_id->len); + #if (NGX_PTR_SIZE == 8) ngx_slab_free_locked(shpool, sess_id->session); #endif @@ -4120,6 +4122,8 @@ ngx_rbtree_delete(&cache->session_rbtree, node); + ngx_explicit_memzero(sess_id->session, sess_id->len); + #if (NGX_PTR_SIZE == 8) ngx_slab_free_locked(shpool, sess_id->session); #endif @@ -4168,6 +4172,8 @@ ngx_rbtree_delete(&cache->session_rbtree, &sess_id->node); + ngx_explicit_memzero(sess_id->session, sess_id->len); + #if (NGX_PTR_SIZE == 8) ngx_slab_free_locked(shpool, sess_id->session); #endif
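Review bot: In the hunk at @@ -4031, the added ngx_explicit_memzero(sess_id->session, sess_id->len) sits above the `#if (NGX_PTR_SIZE == 8)` guard while ngx_slab_free_locked(shpool, sess_id->session) stays inside it, and nothing in the code says why. A one-line comment stating that the session data is cleared on every build, and that the clearing must come before the free, would keep a later cleanup from moving the call inside the guard or below the free.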
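Review bot: The same sequence, ngx_explicit_memzero(sess_id->session, sess_id->len) followed by the guarded ngx_slab_free_locked(shpool, sess_id->session), is now repeated at three sites (@@ -4031, @@ -4120 and @@ -4168). Consider folding the clear and the free into one small static helper, so that a removal path added later cannot release a session without zeroing it first.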