TTFB much higher when accessing a file, using HTTPS (LE)

[Early Bird]

Hi and thanks in advance to all

Not sure how to investigate this problem:
1. Nginx 1.10.3 server on Debian 8.6, running on a 1C/2GB Linode VPS
2. Works well as far as I understand
3. However, when activating HTTPS for my sites (Let's Encrypt), I see some
strange behavior - the TTFB (first byte delay time) is increasing
dramatically with each request.
4. Testing method: running multiple Chrome tabs (3-4) accessing a specific
image file (or a big text file), repeating every 2 seconds. Browser cache
disabled
Example image file on test site - link
<https://bt286.info/wp-content/themes/twentyseventeen/assets/images/header.jpg>
5. Result: TTFB for the image file rising from around 200-250ms to 1.2-1.5s
after few tabs doing it

6. More info: Doesn't happen without HTTPS, at least not for a reasonable
count of tabs (like 20)

Any advise?

*conf file:*

worker_processes auto;
worker_rlimit_nofile 100000;
pid /run/nginx.pid;

events {
worker_connections 4096;
multi_accept on;
}

http {

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
types_hash_max_size 2048;

server_tokens off;
reset_timedout_connection on;
add_header X-Powered-By "EasyEngine 3.7.4";
add_header rt-Fastcgi-Cache $upstream_cache_status;

# Limit Request
limit_req_status 403;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;

# Proxy Settings
# set_real_ip_from proxy-server-ip;
# real_ip_header X-Forwarded-For;

fastcgi_read_timeout 300;
client_max_body_size 100m;

##
# SSL Settings
##

ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_ciphers
"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
ssl_protocols TLSv1.1  TLSv1.2;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security "max-age=15768000" always;
# OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
##
# Basic Settings
##
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

# Log format Settings
log_format rt_cache '$remote_addr $upstream_response_time
$upstream_cache_status [$time_local] '
'$http_host "$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types
   application/atom+xml
   application/javascript
   application/json
   application/rss+xml
   application/vnd.ms-fontobject
   application/x-font-ttf
   application/x-web-app-manifest+json
   application/xhtml+xml
   application/xml
   font/opentype
   image/svg+xml
   image/x-icon
   text/css
   text/plain
   text/x-component
   text/xml
   text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

*and *

additional static files rule
location ~*
\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$
{
  add_header "Access-Control-Allow-Origin" "*";
  access_log off;
  log_not_found off;
  expires max;
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170824/56cc1346/attachment.html>