roles/nginx: update nginx ssl_buffer_size

The old default has not been changed in eight years and I see that there have been some discussions over the years about this. I will change this from the slightly extreme 1400 bytes to 4k (nginx def- ault is still 16k so this is more "optimal" for HTML/CSS content). See: https://github.com/igrigorik/istlsfastyet.com/issues/63
2025-03-29 22:28:27 +03:00 · 2025-03-29 22:28:27 +03:00 · 0afb8a4493
commit 0afb8a4493
parent 506695da31
1 changed files with 1 additions and 2 deletions
--- a/roles/nginx/defaults/main.yml
+++ b/roles/nginx/defaults/main.yml
@ -11,8 +11,7 @@ nginx_root_prefix: "{{ web_root_prefix }}"
 nginx_ssl_session_timeout: 1h
 # 10MB -> 40,000 sessions
 nginx_ssl_session_cache: shared:SSL:10m
-# 1400 bytes to fit in one MTU (default is 16k!)
-nginx_ssl_buffer_size: 1400
+nginx_ssl_buffer_size: 4k
 nginx_ssl_dhparam: /etc/ssl/certs/dhparam.pem
 nginx_ssl_protocols: TLSv1.2 TLSv1.3