Upstream SSL IIS Performance

Maxim Dounin mdounin at
Mon Aug 20 11:42:44 UTC 2012


On Sun, Aug 19, 2012 at 11:06:22PM -0400, d2radio wrote:

> Thanks Francis,
> Yes I suspected that it was somehow renegotiating the ssl handshake for each
> request where as firefox/firebug was caching the handshake thus showing
> quicker response times. 
> Timing curl over https gave me an average of 80ms response time, timing curl
> over http gave me an average of 10ms similar to what nginx was achieving
> talking to the backend via http.
> I'm happy to annouce though that your were bang on the money with the
> keepalive directive. As soon as I added that into my upstream declaration
> the reponse times dropped considerably and I'm now getting performance
> similar to as if I was requesting the content directly from the upstream
> server.
> Thanks Francis your a legend :)

Strange thing is that SSL session reuse doesn't work for you.  It 
is on by default and should do more or less the same thing unless 
you've switched it off with proxy_ssl_session_reuse[1] directive or 
forgot to configure session cache on your backend server.

(Another question to consider is whether you really need to spend 
resources on SSL between nginx and your backend.)


Maxim Dounin

More information about the nginx mailing list