diff --git a/.infra/files/nginx.conf b/.infra/files/nginx.conf
index c0bccf8..cf65da0 100644
--- a/.infra/files/nginx.conf
+++ b/.infra/files/nginx.conf
@@ -19,6 +19,14 @@ server {
 ssl_stapling on;
 ssl_stapling_verify on;
+ # Enable SSL session cache to reduce overhead of TLS handshake. Allow nginx
+ # workers to use 5MB of memory for caching but disable session tickets as
+ # there is currently no easy way to rotate the ticket key which is not in
+ # sync with the ideals of Perfect Forward Secrecy.
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:SSL:5m;
+ ssl_session_tickets off;
+
 server_name master.tus.io;
 # certbot will place the files required for the HTTP challenge in the
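Review bot: The added comment explains the 5 MB cache and the decision on tickets but not `ssl_session_timeout 1d`, the value that bounds how long resumable session state stays in the shared cache and so how far the forward-secrecy rationale actually reaches. I would extend the comment with a line such as `# Cached sessions stay resumable for up to 1d; lower this to narrow the window in which leaked cache memory exposes past traffic.` The three directives sit inside a `server` block that starts and ends outside the hunk. If other server blocks share the same listen socket, it is worth confirming that tickets are really off for this host, for example by setting the directives at `http` level, since nginx may apply the default server's session settings during the handshake. `ssl_session_tickets` also needs nginx 1.5.9 or later, so the deployed version should be checked.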