From 99866c0c90b2621cc50655a245b1e11937853058 Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Sat, 29 Mar 2025 22:29:07 +0300 Subject: [PATCH] roles/nginx: use one day for nginx ssl_session_timeout This is a new default since I last looked at the Mozilla server-side SSL configurator. --- roles/nginx/defaults/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index 1e87437..50ef831 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -7,8 +7,8 @@ nginx_confd_path: /etc/nginx/conf.d # parent directory of vhost roots nginx_root_prefix: "{{ web_root_prefix }}" -# 1 hour timeout -nginx_ssl_session_timeout: 1h +# 1 day timeout +nginx_ssl_session_timeout: 1d # 10MB -> 40,000 sessions nginx_ssl_session_cache: shared:SSL:10m nginx_ssl_buffer_size: 4k