SSL performance optimization with cache
Maxim Dounin
mdounin at mdounin.ru
Fri Dec 14 11:00:00 UTC 2012
Hello!
On Thu, Dec 13, 2012 at 09:45:19PM -0500, justin wrote:
> Hello,
>
> I am optimizing our install of nginx for SSL performance, since our SaaS app
> is served exclusively over https. I have the following SSL performance
> directives:
>
> ssl_session_cache shared:SSL_CACHE:4m;
> ssl_session_timeout 5m;
>
> My question is, what is the downfall, if any, of setting the timeout to like
> 720m which is 12 hours. Seems like caching longer would be better. Or, is
> there a security risk of caching for such a long time?
You may consider RFC5246, which suggests an upper limit of 24h:
http://tools.ietf.org/html/rfc5246#appendix-F.1.4
--
Maxim Dounin
http://nginx.com/support.html
More information about the nginx
mailing list