ssl_session_cache in wiki

Wed Jan 17 18:34:35 MSK 2007

On Wed, 17 Jan 2007, Cliff Wells wrote:

> On Tue, 2007-01-16 at 23:15 +0100, Aleksandar Lazic wrote:
>> Hi,
>>
>> I have know added the ssl_session_cache doc into the wiki ;-)
>> http://wiki.codemongers.com/NginxHttpSslModule#ssl_session_cache
>>
>> Tomorrow I will go thru the second step, but please can any native
>> speaker make some grammer checks ;-)
>
> It looks fine.
>
>
> One question I have is about this part:
>
> "to reduce the CPU load it is recommended to run one worker process only
> and to enable keep-alive connections"
>
> The keep-alive seems instruction seems plain enough, but what about the
> single worker process?  Is this advice to be taken in general or only
> when applied to HTTPS?

This part is from previous document version when nginx had no
shared ssl_session_cache and used OpenSSL builtin cache only.

The current Russian example is:

--------------
To reduce the CPU load it is recommended

*) to set worker_process equal to number of CPUs,
*) to enable keep-alive connections,
*) to turn on shared SSL session cache,
*) to turn off builtin SSL session cache,
*) and, probably, to increase SSL session timeout (5 minutes by default):

     worker_processes  2;

     http {

         ...

         server {
             listen               443;
             keepalive_timeout    70;

             ssl                  on;
             ssl_certificate      /usr/local/nginx/conf/cert.pem;
             ssl_certificate_key  /usr/local/nginx/conf/cert.key;
             ssl_session_cache    shared:SSL:10m;
             ssl_session_timeout  10m;

             ...
         }
--------------

Igor Sysoev
http://sysoev.ru/en/