[nginx] SSL support and setup
is at rambler-co.ru
Sun Jan 27 00:04:59 MSK 2008
On Sat, Jan 26, 2008 at 12:51:02PM -0800, Adam Zell wrote:
> On Jan 26, 2008 9:30 AM, Igor Sysoev <is at rambler-co.ru> wrote:
> > Since introducing shared ssl_session_cache you should use worker_processes
> > equals to CPU numbers. Also SSL keep-alive connections take about 100K
> > per idle connection, so you may disable them.
> > Given that ssl_session_cache is disabled by default in 0.6.xx, what kind
> of negative performance can be expected? Is there any reason (stability or
> otherwise) not to make shared the default?
The shared ssl_session_cache has no negative performance or stability
Initially builtin OpenSSL non-shared ssl_session_cache was enabled
only by default. Then it emerged that builtin cache leads to memory
fragmentation, so it should be disabled by default. Then I decided
to choose Apache's mod_ssl default: off.
More information about the nginx