mirror of
https://github.com/caddyserver/caddy.git
synced 2025-01-14 06:46:27 +03:00
dedcfd4e3d
This migrates a feature that was previously reserved for enterprise users, according to https://github.com/caddyserver/caddy/issues/2786. TLS session ticket keys are sensitive, so they should be rotated on a regular basis. Only Caddy does this by default. However, a cluster of servers that rotate keys without synchronization will lose the benefits of having sessions in the first place if the client is routed to a different backend. This module coordinates STEK rotation in a fleet so the same keys are used, and rotated, across the whole cluster. No other server does this, but Twitter wrote about how they hacked together a solution a few years ago: https://blog.twitter.com/engineering/en_us/a/2013/forward-secrecy-at-twitter.html |
||
|---|---|---|
| .. | ||
| distributedstek | ||
| standardstek | ||
| acmemanager.go | ||
| connpolicy.go | ||
| fileloader.go | ||
| folderloader.go | ||
| matchers.go | ||
| pemloader.go | ||
| sessiontickets.go | ||
| tls.go | ||
| values.go | ||