gaja-group
/
server-configs-nginx
mirror of https://github.com/h5bp/server-configs-nginx
2
0
Fork 0
Code Issues Releases Wiki Activity

use a much longer ssl_session_timeout 

To match the settiongs from istlsfastyet.com

Add a mention of ssl_buffer_size even though it can 't be enabled yet
This commit is contained in:
AD7six 2014-07-28 14:54:31 +00:00
parent aac9d71d54
commit 332998a2db
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
h5bp/directive-only/ssl.conf
View File

@ -11,7 +11,10 @@ ssl_prefer_server_ciphers on;
# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
ssl_session_timeout 10m;
ssl_session_timeout 24h;
# SSL buffer size was added in 1.5.9
#ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
# Session tickets appeared in version 1.5.9
#