Optimizing NGINX TLS Time To First Byte (TTTFB)

Anton Yuzhaninov citrin at citrin.ru
Thu Dec 19 10:51:47 UTC 2013

On 12/19/13 04:50, Alex wrote:
> I remember reading (I believe it was in your (excellent) book! ;)) that
> upon packet loss, the full TLS record has to be retransmitted. Not cool
> if the TLS record is large and fragmented. So that's indeed a good
> reason to keep TLS records small and preferably within the size of a TCP
> segment.

Why is TCP retransmit for a single lost packet not enough (in the kernel TCP stack,
which is unaware of TLS records)?
The kernel on the receiver side should wait for this lost packet to be retransmitted, and
return data to the application in the same order as it was sent.

A big TLS record can add some delay for the first byte (but not to the last byte) in
the decrypted page, but the browser can't render the first byte of a page anyway; it needs at
least some data.
