Enable SSL session cache for master.tus.io

2016-11-09 23:10:18 +01:00 · 2016-11-09 23:10:18 +01:00 · 97def4c99f
parent 25771dfbcd
commit 97def4c99f
1 changed files with 8 additions and 0 deletions
--- a/.infra/files/nginx.conf
+++ b/.infra/files/nginx.conf
@ -19,6 +19,14 @@ server {
    ssl_stapling on;
    ssl_stapling_verify on;

+    # Enable SSL session cache to reduce overhead of TLS handshake. Allow nginx
+    # workers to use 5MB of memory for caching but disable session tickets as
+    # there is currently no easy way to rotate the ticket key which is not in
+    # sync with the ideals of Perfect Forward Secrecy.
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:SSL:5m;
+    ssl_session_tickets off;
+
    server_name master.tus.io;

    # certbot will place the files required for the HTTP challenge in the