TLS cache max size

Angel L. Mateo
Hello,

        Is there any way to limit the max size of the
smtpd_tls_session_cache_database?

        In my system this database is mapped to files
/var/lib/postfix/smtpd_scache.{dir,pag} and the pag file is created with
a maximum size of 2GB, but I would like to decrease this size.

        Is it possible?

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868887590
Fax: 868888337

Re: TLS cache max size

Viktor Dukhovni
On Thu, Jan 07, 2016 at 09:17:55AM +0100, Angel L. Mateo wrote:

> Is there any way to limit the max size of the
> smtpd_tls_session_cache_database?

Upgrade to Postfix 2.11 or later and disable the cache entirely:

    http://www.postfix.org/postconf.5.html#smtpd_tls_session_cache_database

    As of Postfix 2.11 the preferred mechanism for session resumption
    is RFC 5077 TLS session tickets, which don't require server-side
    storage.  Consequently, for Postfix >= 2.11 this parameter should
    generally be left empty.  TLS session tickets require an OpenSSL
    library (at least version 0.9.8h) that provides full support for
    this TLS extension.  See also smtpd_tls_session_cache_timeout.

--
        Viktor.
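
The decision described in the reply above, as an added example that is not part of the original thread: given a Postfix version and the current `smtpd_tls_session_cache_database` value, report whether to upgrade first, empty the parameter, or leave things alone. The function names and the sample inputs are constructed for illustration; the OpenSSL requirement quoted above is not checked.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample inputs are constructed.

# Numeric major and minor of a version such as "2.11.3" or "3.6-20210101".
major_of() { printf '%s\n' "${1%%.*}"; }
minor_of() {
    rest=${1#*.}                      # drop "major."
    rest=${rest%%.*}                  # keep text up to the next dot
    printf '%s\n' "${rest%%[!0-9]*}"  # drop a snapshot suffix like "-20210101"
}

# Succeeds when the version is 2.11 or later (session tickets preferred).
supports_tickets() {
    maj=$(major_of "$1"); min=$(minor_of "$1")
    [ "$maj" -gt 2 ] || { [ "$maj" -eq 2 ] && [ "$min" -ge 11 ]; }
}

# cache_advice VERSION CACHE_SETTING -> upgrade | disable | ok
cache_advice() {
    if ! supports_tickets "$1"; then
        echo upgrade      # older than 2.11: upgrade before dropping the cache
    elif [ -n "$2" ]; then
        echo disable      # 2.11 or later with a server-side cache still set
    else
        echo ok           # 2.11 or later, parameter already empty
    fi
}

# Constructed samples, one per line: "mail_version|cache setting".
while IFS='|' read -r ver db; do
    shown=$db
    [ -n "$shown" ] || shown='(empty)'
    printf '%-8s %-42s -> %s\n' "$ver" "$shown" "$(cache_advice "$ver" "$db")"
done <<'EOF'
2.9.6|sdbm:/var/lib/postfix/smtpd_scache
2.11.3|btree:/var/lib/postfix/smtpd_scache
3.0.3|
EOF

# On a live host, feed it the real values:
#   cache_advice "$(postconf -h mail_version)" \
#                "$(postconf -h smtpd_tls_session_cache_database)"
# When the answer is "disable":
#   postconf -e 'smtpd_tls_session_cache_database ='
#   postfix reload
```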