6 messages in ru.sysoev.nginxRe: ssl_session_cache in wiki
FromSent OnAttachments
Aleksandar LazicJan 16, 2007 2:15 pm 
Cliff WellsJan 17, 2007 7:01 am 
Cliff WellsJan 17, 2007 7:07 am 
Igor SysoevJan 17, 2007 7:34 am 
Aleksandar LazicJan 17, 2007 8:55 am 
Igor SysoevJan 17, 2007 9:01 am 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: ssl_session_cache in wikiActions...
From:Igor Sysoev (is-G@public.gmane.org)
Date:Jan 17, 2007 7:34:12 am
List:ru.sysoev.nginx

On Wed, 17 Jan 2007, Cliff Wells wrote:

On Tue, 2007-01-16 at 23:15 +0100, Aleksandar Lazic wrote:

Hi,

I have know added the ssl_session_cache doc into the wiki ;-) http://wiki.codemongers.com/NginxHttpSslModule#ssl_session_cache

Tomorrow I will go thru the second step, but please can any native speaker make some grammer checks ;-)

It looks fine.

One question I have is about this part:

"to reduce the CPU load it is recommended to run one worker process only and to enable keep-alive connections"

The keep-alive seems instruction seems plain enough, but what about the single worker process? Is this advice to be taken in general or only when applied to HTTPS?

This part is from previous document version when nginx had no shared ssl_session_cache and used OpenSSL builtin cache only.

The current Russian example is:

-------------- To reduce the CPU load it is recommended

*) to set worker_process equal to number of CPUs, *) to enable keep-alive connections, *) to turn on shared SSL session cache, *) to turn off builtin SSL session cache, *) and, probably, to increase SSL session timeout (5 minutes by default):

worker_processes 2;

http {

...

server { listen 443; keepalive_timeout 70;

ssl on; ssl_certificate /usr/local/nginx/conf/cert.pem; ssl_certificate_key /usr/local/nginx/conf/cert.key; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m;

... }

--------------

Igor Sysoev http://sysoev.ru/en/