
Can all Nginx vhosts share the same ssl_session_cache?


Looking at the implementation of ssl_session_cache by ngx_http_ssl_session_cache in ngx_http_ssl_module.c, it creates one shared memory zone named "SSL", i.e. one SSL session cache. Any subsequent call to ssl_session_cache retrieves the previously configured shared memory zone named "SSL" instead of creating a new one (cmp. ngx_shared_memory_add in ngx_cycle.c).


This can easily be verified by configuring different sizes for the same name like so:

    ...
    ssl_session_cache shared:SSL:4m;
    server {
        ...
        ssl_session_cache shared:SSL:50m;
    }

This results in an error message such as:

[emerg] the size 52428800 of shared memory zone "SSL" conflicts with already declared size  4194304 in /etc/nginx/nginx.conf:37

Details (KajMagnus added)

The shared memory zone gets added here:

    sscf->shm_zone = ngx_shared_memory_add(cf, &name, n,
                                           &ngx_http_ssl_module);

and as you can see, different names result in different caches being created. So, one can have many different shared memory caches, each one with its own unique name. However, each server can use only one shared SSL memory zone — there's just one shm_zone per SSL server config, on the ngx_http_ssl_srv_conf_t *sscf structure.


tl;dr

Whether an SSL session cache is declared at http or server level does not matter. The same cache is used as long as the same name is assigned to the cache. To prevent an error message for caches with the same name, the same size must be used throughout.
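
Added example, not part of the original answer or of nginx's code: a small Python check that mirrors the name/size rule described above. It lists which `shared:` zone names a configuration declares and flags same-named zones declared with different sizes. The sample configuration is constructed, the function names are hypothetical, and it assumes a single file with each directive starting on its own line (no include handling).

```python
import re
from collections import defaultdict

# Constructed sample configuration (not from the original post).
SAMPLE_CONF = """
http {
    ssl_session_cache shared:SSL:4m;
    server {
        ssl_session_cache shared:SSL:50m;
    }
    server {
        ssl_session_cache builtin:1000 shared:OTHER:1024k;
    }
    server {
        ssl_session_cache shared:OTHER:1m;
    }
}
"""

DIRECTIVE = re.compile(r"^\s*ssl_session_cache\s+([^;#]+);", re.M)
SHARED = re.compile(r"^shared:([^:]+):(\d+)([kKmM]?)$")
UNITS = {"": 1, "k": 1024, "m": 1024 * 1024}  # nginx size suffixes k/K, m/M

def shared_zones(conf):
    """Map zone name -> list of (line number, size in bytes) declarations."""
    zones = defaultdict(list)
    for m in DIRECTIVE.finditer(conf):
        line = conf.count("\n", 0, m.start(1)) + 1
        for arg in m.group(1).split():
            s = SHARED.match(arg)
            if s:
                size = int(s.group(2)) * UNITS[s.group(3).lower()]
                zones[s.group(1)].append((line, size))
    return dict(zones)

def size_conflicts(conf):
    """Same-named zones whose size differs from the first declaration."""
    out = []
    for name, decls in shared_zones(conf).items():
        first_line, first_size = decls[0]
        for line, size in decls[1:]:
            if size != first_size:
                out.append((name, size, line, first_size, first_line))
    return out

if __name__ == "__main__":
    for name, size, line, first_size, first_line in size_conflicts(SAMPLE_CONF):
        print(f'zone "{name}": size {size} (line {line}) conflicts with '
              f"{first_size} declared on line {first_line}")
```

Zones that appear under one name with several line numbers in `shared_zones` are the server blocks that resume sessions from the same cache; `1024k` and `1m` compare equal because sizes are compared in bytes.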