diff --git a/h5bp/directive-only/ssl.conf b/h5bp/directive-only/ssl.conf
index aa8e29c..fac81fc 100644
--- a/h5bp/directive-only/ssl.conf
+++ b/h5bp/directive-only/ssl.conf
@@ -22,6 +22,9 @@ ssl_session_timeout  10m;
 # of such infrastructure, consider turning off session tickets:
 ssl_session_tickets off;
 
+# Use a higher keepalive timeout to reduce the need for repeated handshakes
+keepalive_timeout 300; # up from 75 secs default
+
 # This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
 # Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
 #ssl_certificate      /etc/nginx/default_ssl.crt;