Nginx SSL session cache error

Encountered this again in a site error.log:

could not allocate new session in SSL session shared cache "SSL" while SSL handshaking

This still seems to happen sporadically (latest Trellis).

Previous discussion:

Does this help?

This would need to be tweaked: trellis/ssl.conf at 17430191bb7211545eb63ba3ba989ee95c262c5f · roots/trellis · GitHub

I’d be open to a better default (if there is one), just not sure what it should be.

Thanks!

(Linked discussion)

As https://trac.nginx.org/nginx/ticket/621 explains, this message is harmless. It won’t cause errors for visitors. Instead, affected returning visitors would take a small efficiency penalty from not having SSL session resumption.

Tuning these is tricky; there don’t seem to be any concrete answers for “what values should I use when I get x SSL clients per day?”. There seem to be some performance and security implications either way. To further complicate things, TLS 1.2 and TLS 1.3 differ with this specific configuration (session ID resumption only for the former, stateful tickets for the latter).

  1. So this error isn’t anything worrisome and doesn’t really impact the user experience.
  2. It is hard to determine a good default value in advance.

IMHO a note in the Trellis documentation about this particular nginx error (that it isn’t something worrisome) and how to prevent it seems to be the best solution then.

:+1: you are free to add that :smile:

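Added example, not from the thread or from Trellis: a Python sketch that counts how often the message above appears per cache zone and hour in an nginx error log, and derives a rough `ssl_session_cache` size from the nginx documentation's figure of about 4000 sessions per megabyte. The sample log lines, the function names and the sizing heuristic (new sessions arriving within one `ssl_session_timeout` window) are assumptions made for illustration.

```python
import re
from collections import Counter
from math import ceil

# Constructed sample lines in nginx's default error_log layout (not from the thread).
SAMPLE_LOG = """\
2024/03/01 10:02:11 [alert] 811#811: *9041 could not allocate new session in SSL session shared cache "SSL" while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2024/03/01 10:02:12 [error] 811#811: *9042 open() "/srv/www/favicon.ico" failed (2: No such file or directory), client: 203.0.113.9
2024/03/01 10:47:55 [alert] 811#811: *9377 could not allocate new session in SSL session shared cache "SSL" while SSL handshaking, client: 198.51.100.4, server: 0.0.0.0:443
2024/03/01 11:05:30 [alert] 812#812: *9510 could not allocate new session in SSL session shared cache "SSL" while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
"""

# Matches any log level; captures the day, the hour and the shared cache zone name.
PATTERN = re.compile(
    r'^(?P<day>\d{4}/\d{2}/\d{2}) (?P<hour>\d{2}):\d{2}:\d{2} \[\w+\] .*?'
    r'could not allocate new session in SSL session shared cache "(?P<zone>[^"]+)"'
)

# Approximate figure from the nginx ssl_session_cache documentation.
SESSIONS_PER_MB = 4000


def alloc_failures(log_text):
    """Count allocation failures per (cache zone, 'YYYY/MM/DD HH') bucket."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if m:
            hits[(m["zone"], f'{m["day"]} {m["hour"]}')] += 1
    return hits


def suggested_cache_mb(new_sessions_per_hour, timeout_minutes):
    """Rough size in MB: sessions created within one ssl_session_timeout window.

    Assumption: every new full handshake stores one session until it times out.
    """
    live = new_sessions_per_hour * timeout_minutes / 60
    return max(1, ceil(live / SESSIONS_PER_MB))


if __name__ == "__main__":
    for (zone, hour), count in sorted(alloc_failures(SAMPLE_LOG).items()):
        print(f"{hour}:00  zone={zone}  failures={count}")
    print("suggested size (MB):", suggested_cache_mb(30000, 10))
```

A steady count per hour suggests the cache is undersized for the configured timeout; isolated bursts are more likely traffic spikes than a default that needs changing.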