nginx.conf: Massively speed up SSL connections by caching the sessions for 10 minutes rather than constantly re-negotiating

This commit is contained in:
Aitte 2013-02-24 16:01:14 -05:00 committed by Andy Dawson
parent 020851039b
commit 43b1015b23
1 changed files with 7 additions and 0 deletions

View File

@ -96,5 +96,12 @@ http {
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.
# The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.
# By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
# Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
ssl_session_timeout 10m;
include sites-enabled/*;
}