nginx - ssl session resumption

I have installed nginx on multiple servers (our load balancers).

When i check my SSL installation with https://www.ssllabs.com/ I get A+ results for each server but the first server has always

Session resumption (caching) No (IDs assigned but not accepted)

while all other servers have

Session resumption (caching) Yes

All servers are configured automatically, so identical. I additionally checked the nginx configuration with

/usr/sbin/nginx -T > lb1.nginx
/usr/sbin/nginx -T > lb2.nginx
...

But there are no differences.

ssl_session is configured like this on every single server:

  ssl_session_timeout 1d;
  ssl_session_cache   shared:SSL:100m;

Now comes the interesting part:

I have ten load balancers and the first one is marked by ssllabs with 'session Resumption: No'.

Now I moved the IP Address of the first server to the second server. The first request of ssllabs which is now going to the second server and is showing 'session Resumption: No'. The second request which is going to the second server, too, is showing 'session Resumption: Yes'. But both queries are arriving at the same server.

It seems to me that ssl labs is doing something different with the first request.

Can there be any other reason why ssllabs shows NO session resumption only for the first request no matter to which server is "first"?


I think you need to add this configuration if you still dont have in you current configuration,

ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;

And are you sure that two servers have the same configuration? Please check with 'nginx -T' command, this command will show actual nginx configuration. If there is a difference between the result of command 'nginx -T' between two servers then the error is because you not reload your nginx configuration. Thanks