Fixed description for SSL session cache & timeout (#237)

2019-09-08 04:16:31 +05:30 · 2019-09-08 04:16:31 +05:30 · 0af305283f
parent 6d1a9d46e6
commit 0af305283f
1 changed files with 4 additions and 3 deletions
--- a/h5bp/ssl/ssl_engine.conf
+++ b/h5bp/ssl/ssl_engine.conf
@ -2,11 +2,12 @@
 # | SSL engine                                                         |
 # ----------------------------------------------------------------------

-# (1) Optimize SSL by caching session parameters for 10 minutes.
+# (1) Optimize SSL by caching session parameters for 24 hours.
 #     This cuts down on the number of expensive SSL handshakes.
 #     By enabling a cache, we tell the client to re-use the already
 #     negotiated state.
-#     A 1Mb cache can hold about 4000 sessions, so we can hold 40000 sessions.
+#     Here 10m (10 MB) in ssl_session_cache is size value (not time).
+#     1 MB cache can store about 4000 sessions, so we can store 40000 sessions.
 #
 # (2) Use a higher keepalive timeout to reduce the need for repeated handshakes
 #     (!) Shouldn't be done unless you serve primarily HTTPS.
@ -27,8 +28,8 @@
 # (5) Basic security improvements

 # (1)
-ssl_session_cache shared:SSL:10m;
 ssl_session_timeout 24h;
+ssl_session_cache shared:SSL:10m;

 # (2)
 keepalive_timeout 300s;