September 26, 2018

Enabling SSL session resumption

To enable SSL session resumption with hitch on Ubuntu 16.04:

Compile hitch 1.4.8 with the session cache enabled:

cd /temp
git clone https://github.com/varnish/hitch.git
cd hitch
cd src
git clone https://github.com/haproxy/ebtree
cd ebtree
make
cd ../..
./bootstrap
./configure --enable-sessioncache
make
make check
make install

Symlink the binary into /usr/sbin:

ln -s /usr/local/sbin/hitch /usr/sbin

Add “session-cache=100” to /etc/hitch/hitch.conf:

backend = "[::1]:6086"
frontend = "[*]:443"

pem-file = "/var/lib/acme/live/www.domain.com/haproxy"
pem-file = "/var/lib/acme/live/domain.com/haproxy"

user = "_hitch"
group = "_hitch"
session-cache=100
ciphers  = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
prefer-server-ciphers = on 
sni-nomatch-abort = on 
tls-protos = TLSv1.0 TLSv1.1 TLSv1.2
alpn-protos = "h2,http/1.1"
write-proxy-v2 = on 
ocsp-dir = "/var/lib/hitch/" 
ocsp-verify-staple = on
workers = 4 # number of CPU cores
syslog = off

Enable and start hitch:

systemctl enable hitch.service
systemctl daemon-reload
service hitch restart
systemctl status hitch

Verify hitch version:

hitch -V

hitch 1.4.8

Check the SSL session resumption status on SSL Labs.
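
The same check can be made from a shell with openssl s_client. This is an added example, not part of the original post: the function names are hypothetical, the sample output is constructed, and www.domain.com is the placeholder host from the configuration above.

```bash
#!/bin/sh
# Added example (not from the original post): confirm that hitch's session
# cache resumes TLS sessions by session ID.

# Read `openssl s_client -reconnect` output on stdin and print
# "new=<n> reused=<n>". s_client reports each handshake on a line starting
# with "New, " (full handshake) or "Reused, " (resumed session).
summarize_handshakes() {
    awk '/^New, /    { n++ }
         /^Reused, / { r++ }
         END         { printf "new=%d reused=%d\n", n + 0, r + 0 }'
}

# Print the summary and succeed only if at least one handshake was resumed.
resumption_ok() {
    summary=$(summarize_handshakes)
    echo "$summary"
    [ "${summary##*reused=}" -gt 0 ]
}

# Live check against HOST [PORT]. -reconnect makes s_client reconnect five
# times with the same session; -no_ticket disables session tickets so reuse
# can only come from the server-side cache; -tls1_2 pins a protocol version
# that the configuration above enables.
check_host() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" \
        -tls1_2 -no_ticket -reconnect </dev/null 2>/dev/null | resumption_ok
}

# Constructed sample output (handshake lines only), for offline use.
SAMPLE_CACHE_ON='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_CACHE_OFF='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'

# Demo on the constructed sample; for the live site: check_host www.domain.com
printf '%s\n' "$SAMPLE_CACHE_ON" | summarize_handshakes
```

A result of new=6 reused=0 from check_host means no session was resumed from the cache.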

© Meken 2024
