[alert] could not add new SSL session to the session cache while SSL handshaking

Maxim Dounin mdounin at mdounin.ru
Tue Mar 4 10:46:00 UTC 2014


On Tue, Mar 04, 2014 at 09:22:48AM +0100, Alex wrote:

> Hi!
> On 2014-03-03 18:45, Maxim Dounin wrote:
> > Note well that configuring ssl_buffer_size to 1400 isn't a good 
> > idea unless you are doing so for your own performance testing.  
> > See previous discussions for details.
> Maxim, I remember the discussion that was started by Ilya. From what I
> understood is that it depends on your specific needs. If you have a
> website with standard markup and without serving large files, it seems
> reasonable to choose a smaller ssl buffer size to avoid TLS record
> fragmentation (and thus optimize time to first byte). On the other hand,
> if you deliver large streams, it would seem be counter-productive to
> limit the buffer size since you'd occur more bandwidth and processing
> overhead.
> Or did I misunderstand and you'd still say that a ssl_buffer_size of
> 1400 is generally a bad idea?

Bandwidth and processing overhead isn't something specific to 
serving large files, it's always here - even if you serve small 
resources.  On the other hand, from TTFB point of view there is 
almost no difference between 1400 and 4096 - as long as resulting 
payload is under initial congestion window.

That is, from time to first byte optimization point of view, I 
would recommend using ssl_buffer_size 4k (or, if your server 
follows IW10, 8k may be a better idea).

Just for the record, previous discussion can be found here:

Maxim Dounin

More information about the nginx mailing list