I am trying to further optimize SSL but if i enable keepalive_timeout i get high TTFB as shown in the report below
http://tools.pingdom.com/fpt/#!/KggzF When i disable keepalive_timeout , TTFB is fixed but nginx recommand keepalive_timeout : http://nginx.org/en/docs/http/configuring_https_servers.html Why does this happen ? I welcome any other advice to further optimise SSL Thanks listen 443 spdy default_server reuseport; ssl on; ssl_certificate /etc/ssl/filterbypass.me.crt; #(or .pem) ssl_certificate_key /etc/ssl/filterbypass.me.key.nopass; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #keepalive_timeout 70; #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; ssl_prefer_server_ciphers on; ssl_buffer_size 8k; ssl_session_cache shared:SSL:20m; ssl_dhparam /etc/ssl/dhparam.pem; ssl_session_timeout 45m; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/trustchain.crt; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260541,260541#msg-260541 _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
