ssl_ciphers for speed

ktm at rice.edu ktm at rice.edu
Sat May 5 19:27:44 UTC 2012


On Sat, May 05, 2012 at 06:23:24PM +0530, Sparsh Gupta wrote:
> Hello
> 
> I am using nginx 2.0 built with OpenSSL 0.9.8 and I have the following
> configuration for my ssl:
> 
> listen 443 ssl;
> ssl_certificate /etc/ssl/private/wildcardcert.crt;
> ssl_certificate_key /etc/ssl/private/wildcardcert.key;
> ssl_session_cache   shared:SSL:20m;
> ssl_session_timeout 5m;
> ssl_prefer_server_ciphers on;
> 
> 
> Since I dont have ssl_ciphers I assume its picking up the default settings '
> HIGH:!ADH:!MD5;'
> 
> I found quite a few articles to make the SSL connection strong and more
> secure but I am looking for a solution which is fastest in terms of
> negotiating an SSL connection. Can you recommend me some ssl_cipher / other
> settings I should try to boost speed. I dont transfer any secure data so I
> am not concerned about security.
> 
> Thanks
> Sparsh Gupta

Here is what we use for a use case with similar requirements:

ssl_ciphers RC4:AES128+SHA:!kEDH:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

RC4 is the fastest without hardware assist. If you have hardware support in
your processor for AES, put the AES128 first, instead of RC4.

Regards,
Ken



More information about the nginx mailing list