request_time much slower than upstream_response_time

Igor Sysoev is at rambler-co.ru
Tue Jun 24 10:36:58 MSD 2008


On Mon, Jun 23, 2008 at 05:57:04PM -0700, Rt Ibmer wrote:

> > > > You may also try to use 56-bit and 128-bit
> > ciphers first:
> > > > 
> > > > ssl_ciphers     DES-CBC-SHA:RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA;
> >
> > > So should I replace that line with what you put above
> > or just preappend those settings to my existing line?
> > 
> > You already have the same ciphers.
> 
> Sorry I pasted in the wrong line.
> 
> What I meant to say is that currently I have this:
> 
>    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
> 
> So should I just replace that with this:
> 
>    ssl_ciphers DES-CBC-SHA:RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA;
> 
> Or should I append yours in the front of my existing one, to come up with this:
> 
> ssl_ciphers      DES-CBC-SHA:RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

You should replace.

> And I assume I should leave this prefer_server_ciphers as is:
>   ssl_prefer_server_ciphers   on;

You may leave it.

> Lastly, can you think of anything else we have not covered that can help speed the ssl handshake process?

No, I do not see anything. The main problem is RTT of SSL handshake.


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list