Fixed description for SSL session cache & timeout (#237)
This commit is contained in:
Rahil
Léo Colombaro
parent
6d1a9d46e6
commit
0af305283f
|
|
@ -2,11 +2,12 @@
|
||||||
# | SSL engine |
|
# | SSL engine |
|
||||||
# ----------------------------------------------------------------------
|
# ----------------------------------------------------------------------
|
||||||
|
|
||||||
# (1) Optimize SSL by caching session parameters for 10 minutes.
|
# (1) Optimize SSL by caching session parameters for 24 hours.
|
||||||
# This cuts down on the number of expensive SSL handshakes.
|
# This cuts down on the number of expensive SSL handshakes.
|
||||||
# By enabling a cache, we tell the client to re-use the already
|
# By enabling a cache, we tell the client to re-use the already
|
||||||
# negotiated state.
|
# negotiated state.
|
||||||
# A 1Mb cache can hold about 4000 sessions, so we can hold 40000 sessions.
|
# Here 10m (10 MB) in ssl_session_cache is size value (not time).
|
||||||
|
# 1 MB cache can store about 4000 sessions, so we can store 40000 sessions.
|
||||||
#
|
#
|
||||||
# (2) Use a higher keepalive timeout to reduce the need for repeated handshakes
|
# (2) Use a higher keepalive timeout to reduce the need for repeated handshakes
|
||||||
# (!) Shouldn't be done unless you serve primarily HTTPS.
|
# (!) Shouldn't be done unless you serve primarily HTTPS.
|
||||||
|
|
@ -27,8 +28,8 @@
|
||||||
# (5) Basic security improvements
|
# (5) Basic security improvements
|
||||||
|
|
||||||
# (1)
|
# (1)
|
||||||
ssl_session_cache shared:SSL:10m;
|
|
||||||
ssl_session_timeout 24h;
|
ssl_session_timeout 24h;
|
||||||
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
|
||||||
# (2)
|
# (2)
|
||||||
keepalive_timeout 300s;
|
keepalive_timeout 300s;
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue