External TLS Session Cache #5577
Labels
stale
Issues that are stale. These will not be prioritized without further engagement on the issue.
Type: Enhancement
New feature or request
Is your feature request related to a problem? Please describe.
TLS supports session resumption to improve performance. Envoy uses an in-memory TLS session cache. There are several consequences:
Describe the solution you'd like
An External TLS Session cache can solve this problem.
Describe alternatives you've considered
Using Session Tickets appears to be a better approach, as only the ticket private keys need to be shared by the Envoy instances. However, Session Tickets may not be supported by all clients.
Additionally, the session cache should support configuration of cache record timeouts and maximum number of cached sessions.
Additional context
The same issue was already raised in the Envoy project: envoyproxy/envoy#14553.