keepalive_timeout timeout causes high TTFB

khav nginx-forum at nginx.us
Fri Jul 24 13:40:40 UTC 2015


I am trying to further optimize SSL but if i enable keepalive_timeout i get
high TTFB as shown in the report below

http://tools.pingdom.com/fpt/#!/KggzF

When i disable keepalive_timeout  , TTFB is fixed but nginx recommand
keepalive_timeout :
http://nginx.org/en/docs/http/configuring_https_servers.html

Why does this happen ?

I welcome any other advice to further optimise SSL 

Thanks

listen       443 spdy default_server reuseport;
	ssl on;
	ssl_certificate    /etc/ssl/filterbypass.me.crt; #(or .pem) 
    ssl_certificate_key    /etc/ssl/filterbypass.me.key.nopass;
	ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
	#keepalive_timeout    70;
    #ssl_ciphers
ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
	ssl_ciphers
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    ssl_prefer_server_ciphers on;
	ssl_buffer_size 8k;
    ssl_session_cache shared:SSL:20m;
	ssl_dhparam /etc/ssl/dhparam.pem;
    ssl_session_timeout 45m;
	ssl_stapling on;
    ssl_stapling_verify on;
	ssl_trusted_certificate  /etc/ssl/trustchain.crt;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 5s;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260541,260541#msg-260541



More information about the nginx mailing list