<div dir="ltr">Hi,<input name="virtru-metadata" type="hidden" value="{"email-policy":{"state":"closed","expirationUnit":"days","disableCopyPaste":false,"disablePrint":false,"disableForwarding":false,"expires":false},"attachments":{}}"><div><br></div><div>We've shifted our static content to SSL recently and found that mp4 streaming is drastically slow over SSL ( around 90KBps on 4Mbps connection) and if we test the same video over HTTP it gives us full 400+KBps speed. Here is the SSL config :<br><br><div>server {</div><div>        listen  443 spdy;</div><div>        ssl on;</div><div>        server_name <a href="http://cw004.domain.net">cw004.domain.net</a> <a href="http://www.cw004.domain.net">www.cw004.domain.net</a>;</div><div>          ssl_certificate /etc/ssl/certs/domain/domain-combined.crt;</div><div>          ssl_certificate_key /etc/ssl/certs/domain/domain.key;</div><div>          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</div><div>          ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-A$</div><div>        location / {</div><div>            root   /videos;</div><div>            index index.html index.htm index.php;</div><div>             </div><div>}</div><div>location ~ \.(flv)$ {      </div><div>                flv;</div><div>                root /videos;</div><div>                expires 7d;</div><div>                include hotlink.inc;</div><div>                }</div><div><br></div><div><br></div><div>                include thumbs.inc;</div><div><br></div><div>#location ~ \.(jpg)$ {</div><div>#                root /videos;   </div><div>#                try_files $uri /files/thumbs/no_thumb.jpg;</div><div>#                }</div><div> </div><div>        </div><div>        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {</div><div>                expires 1y;</div><div>                log_not_found off;  </div><div>        }</div><div><br></div><div><br></div><div>You have new mail in /var/mail/root</div><div>[root@cw004 /usr/local/etc/nginx/vhosts]# ^C</div><div>[root@cw004 /usr/local/etc/nginx/vhosts]# cat virtual-ssl.conf </div><div>server {</div><div>        listen  443 spdy;</div><div>        ssl on;</div><div>        server_name <a href="http://cw004.domain.net">cw004.domain.net</a> <a href="http://www.cw004.domain.net">www.cw004.domain.net</a>;</div><div>          ssl_certificate /etc/ssl/certs/domain/domain-combined.crt;    </div><div>          ssl_certificate_key /etc/ssl/certs/domain/domain.key;    </div><div>          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</div><div>          ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';       ssl_prefer_server_ciphers on;</div><div>        location / {</div><div>            root   /videos;</div><div>            index index.html index.htm index.php;</div><div><br></div><div>}</div><div>location ~ \.(flv)$ {</div><div>                flv;</div><div>                root /videos;</div><div>                expires 7d;</div><div>                include hotlink.inc;                </div><div>                }</div><div><br></div><div><br></div><div>                include thumbs.inc;</div><div><br></div><div>#location ~ \.(jpg)$ {</div><div>#                root /videos;</div><div>#                try_files $uri /files/thumbs/no_thumb.jpg;</div><div>#                }</div><div><br></div><div><br></div><div>        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {</div><div>                expires 1y;</div><div>                log_not_found off;</div><div>        }</div><div><br></div><div>        location ~ \.(mp4)$ {</div><div>                mp4;</div><div>             mp4_buffer_size 4M;</div><div>                mp4_max_buffer_size 10M;</div><div>                expires 1y;</div><div>                add_header Cache-Control "public";</div><div>                root /videos;</div><div>                include hotlink.inc;</div><div>                }         </div><div><br></div><div> # pass the PHP scripts to FastCGI server listening on unix:/var/run/www.socket</div><div>        location ~ \.php$ {</div><div>            root /videos;</div><div>            fastcgi_pass   unix:/var/run/www.socket;</div><div>           fastcgi_index  index.php;</div><div>            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;</div><div>            include        fastcgi_params;</div><div>        }</div><div><br></div><div>        location ~ /\.ht {</div><div>            deny  all;</div><div>        }</div><div>}</div></div><div><br></div><div>-------------------------<br><br>Is there optimization being missed for SSL ?<br><br>Thanks.<br>Shahzaib</div></div>