[alert] could not add new SSL session to the session cache while SSL handshaking
Maxim Dounin
mdounin at mdounin.ru
Tue Mar 4 10:46:00 UTC 2014
Hello!
On Tue, Mar 04, 2014 at 09:22:48AM +0100, Alex wrote:
> Hi!
>
> On 2014-03-03 18:45, Maxim Dounin wrote:
> > Note well that configuring ssl_buffer_size to 1400 isn't a good
> > idea unless you are doing so for your own performance testing.
> > See previous discussions for details.
>
> Maxim, I remember the discussion that was started by Ilya. From what I
> understood is that it depends on your specific needs. If you have a
> website with standard markup and without serving large files, it seems
> reasonable to choose a smaller ssl buffer size to avoid TLS record
> fragmentation (and thus optimize time to first byte). On the other hand,
> if you deliver large streams, it would seem be counter-productive to
> limit the buffer size since you'd occur more bandwidth and processing
> overhead.
>
> Or did I misunderstand and you'd still say that a ssl_buffer_size of
> 1400 is generally a bad idea?
Bandwidth and processing overhead isn't something specific to
serving large files, it's always here - even if you serve small
resources. On the other hand, from TTFB point of view there is
almost no difference between 1400 and 4096 - as long as resulting
payload is under initial congestion window.
That is, from time to first byte optimization point of view, I
would recommend using ssl_buffer_size 4k (or, if your server
follows IW10, 8k may be a better idea).
Just for the record, previous discussion can be found here:
http://mailman.nginx.org/pipermail/nginx/2013-December/041533.html
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list