From 43b1015b231b0d1c063a9b7fb6068197b711d527 Mon Sep 17 00:00:00 2001 From: Aitte Date: Sun, 24 Feb 2013 16:01:14 -0500 Subject: [PATCH] nginx.conf: Massively speed up SSL connections by caching the sessions for 10 minutes rather than constantly re-negotiating --- nginx/nginx.conf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 22af29d..c6b97bf 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -96,5 +96,12 @@ http { ssl_ciphers RC4:HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; + # Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes. + # The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection. + # By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state. + # Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS. + ssl_session_cache shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions + ssl_session_timeout 10m; + include sites-enabled/*; }