From 0af305283f99abfc85e4395201ffadc7de975d4b Mon Sep 17 00:00:00 2001
From: Rahil <54960886+rahilarious@users.noreply.github.com>
Date: Sun, 8 Sep 2019 04:16:31 +0530
Subject: [PATCH] Fixed description for SSL session cache & timeout (#237)
---
 h5bp/ssl/ssl_engine.conf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/h5bp/ssl/ssl_engine.conf b/h5bp/ssl/ssl_engine.conf
index 6f66f88..41d477d 100644
--- a/h5bp/ssl/ssl_engine.conf
+++ b/h5bp/ssl/ssl_engine.conf
@@ -2,11 +2,12 @@
 # | SSL engine |
 # ----------------------------------------------------------------------
-# (1) Optimize SSL by caching session parameters for 10 minutes.
+# (1) Optimize SSL by caching session parameters for 24 hours.
 # This cuts down on the number of expensive SSL handshakes.
 # By enabling a cache, we tell the client to re-use the already
 # negotiated state.
-# A 1Mb cache can hold about 4000 sessions, so we can hold 40000 sessions.
+# Here 10m (10 MB) in ssl_session_cache is size value (not time).
+# 1 MB cache can store about 4000 sessions, so we can store 40000 sessions.
 #
 # (2) Use a higher keepalive timeout to reduce the need for repeated handshakes
 # (!) Shouldn't be done unless you serve primarily HTTPS.
@@ -27,8 +28,8 @@
 # (5) Basic security improvements
 # (1)
-ssl_session_cache shared:SSL:10m;
 ssl_session_timeout 24h;
+ssl_session_cache shared:SSL:10m;
 # (2)
 keepalive_timeout 300s;
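Review bot: The rewritten description (1) in the first hunk now states the 24-hour lifetime correctly, but it presents that value only as an optimization and leaves out its security trade-off. For TLS 1.2 and earlier, a resumed session reuses the secrets negotiated in the original handshake, so a long `ssl_session_timeout` keeps that state in the shared cache longer and widens the window in which a disclosure of server memory exposes past traffic. I would add one line to the comment, for example `# (!) A long timeout keeps session secrets cached longer; lower it if forward secrecy matters more than handshake cost.` Whether session tickets are enabled is not visible in this patch; if they are, the ticket lifetime and key rotation deserve the same check. The second hunk only swaps the order of the two directives and does not appear to change behaviour.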