request_time much slower than upstream_response_time
Igor Sysoev
is at rambler-co.ru
Tue Jun 24 10:36:58 MSD 2008
On Mon, Jun 23, 2008 at 05:57:04PM -0700, Rt Ibmer wrote:
> > > > You may also try to use 56-bit and 128-bit
> > ciphers first:
> > > >
> > > > ssl_ciphers DES-CBC-SHA:RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA;
> >
> > > So should I replace that line with what you put above
> > or just preappend those settings to my existing line?
> >
> > You already have the same ciphers.
>
> Sorry I pasted in the wrong line.
>
> What I meant to say is that currently I have this:
>
> ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
>
> So should I just replace that with this:
>
> ssl_ciphers DES-CBC-SHA:RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA;
>
> Or should I append yours in the front of my existing one, to come up with this:
>
> ssl_ciphers DES-CBC-SHA:RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA:ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
You should replace.
> And I assume I should leave this prefer_server_ciphers as is:
> ssl_prefer_server_ciphers on;
You may leave it.
> Lastly, can you think of anything else we have not covered that can help speed the ssl handshake process?
No, I do not see anything. The main problem is RTT of SSL handshake.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list