Optimizing TLS Record Size & Buffering Latency

Rob Stradling rob.stradling at comodo.com
Tue Oct 29 21:44:46 UTC 2013


"The larger the TLS record size, the higher the likelihood that we may 
incur an additional roundtrip due to a TCP retransmission or "overflow" 
of the congestion window. That said, the fix is also relatively simple: 
send smaller records. In fact, to eliminate this problem entirely, 
configure your TLS record size to fit into a single TCP segment.
The bad news is that many TLS servers do not provide an easy way to 
configure TLS record size and instead use the default maximum of 16 KB.
Nginx hardcodes 16KB size in ngx_event_openssl, which you can change and 
recompile from source."

Would it be worth lowering this default value?
How about adding a config directive that allows users to change it 
without having to edit the source code?

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online

More information about the nginx-devel mailing list
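
The quoted passage can be checked with a small model. The following is an added example, not part of the original post and not nginx code: it computes the largest record plaintext that fits in one TCP segment and how many segments and lossless slow-start flights are needed before the first record can be decrypted. The 1500-byte MTU, IPv4, TCP timestamps, TLS 1.2 AES-GCM overhead, initial congestion window of 10 segments and all function names are assumptions.

```python
import math

TLS_HEADER = 5             # content type (1) + version (2) + length (2)
TLS_MAX_PLAINTEXT = 16384  # protocol maximum per record, the "16 KB" default

# Constructed scenario (assumptions): Ethernet MTU, IPv4, TCP timestamps on,
# TLS 1.2 AES-GCM (8-byte explicit nonce + 16-byte tag per record).
MTU, IP_HDR, TCP_HDR, TCP_OPTS = 1500, 20, 20, 12
AEAD_OVERHEAD = 8 + 16
INIT_CWND = 10             # segments, assumed initial congestion window


def segment_payload(mtu=MTU, ip=IP_HDR, tcp=TCP_HDR, opts=TCP_OPTS):
    """TCP payload bytes available in one full-size segment."""
    return mtu - ip - tcp - opts


def max_plaintext_per_segment(cipher_overhead=AEAD_OVERHEAD, **net):
    """Largest record plaintext whose whole record fits in one segment."""
    return segment_payload(**net) - TLS_HEADER - cipher_overhead


def first_record_delivery(response_len, record_plaintext,
                          cipher_overhead=AEAD_OVERHEAD, cwnd=INIT_CWND, **net):
    """Return (segments, flights) needed before the first record is usable.

    The receiver cannot release any plaintext until the full record has
    arrived and its integrity tag has been verified.
    """
    first = min(response_len, record_plaintext, TLS_MAX_PLAINTEXT)
    wire = TLS_HEADER + cipher_overhead + first
    segments = math.ceil(wire / segment_payload(**net))
    # Simplified slow start: the window doubles each round trip, no loss.
    flights, sent, window = 0, 0, cwnd
    while sent < segments:
        sent += window
        window *= 2
        flights += 1
    return segments, flights


if __name__ == "__main__":
    small = max_plaintext_per_segment()
    print("plaintext per single-segment record:", small)
    print("16 KB record :", first_record_delivery(100_000, TLS_MAX_PLAINTEXT))
    print("small record :", first_record_delivery(100_000, small))
```

In this model a 16 KB record spans 12 segments, so it cannot complete within an initial window of 10 and waits for a second flight, while a record sized to one segment is usable as soon as that segment arrives.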