SSL performance optimization with cache

Maxim Dounin mdounin at
Fri Dec 14 11:00:00 UTC 2012


On Thu, Dec 13, 2012 at 09:45:19PM -0500, justin wrote:

> Hello,
> I am optimizing our install of nginx for SSL performance, since our SaaS app
> is served exclusively over https. I have the following SSL performance
> directives:
>     ssl_session_cache shared:SSL_CACHE:4m;
>     ssl_session_timeout 5m;
> My question is, what is the downfall, if any, of setting the timeout to like
> 720m which is 12 hours. Seems like caching longer would be better. Or, is
> there a security risk of caching for such a long time?

You may consider RFC5246, which suggests an upper limit of 24h:

Maxim Dounin

More information about the nginx mailing list