From be6c76a2afc7719394c43bb51763edea7189cad8 Mon Sep 17 00:00:00 2001
From: Alan Orth <alan.orth@gmail.com>
Date: Sat, 6 Dec 2014 22:15:15 +0300
Subject: [PATCH] roles/nginx: Set nginx SSL buffer size to 1400

istlsfastyet.com recommends setting the buffer size to 1400 so it
can fit into a single MTU.  nginx default is 16k!

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size

Signed-off-by: Alan Orth <alan.orth@gmail.com>
---
 roles/nginx/templates/https.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/nginx/templates/https.j2 b/roles/nginx/templates/https.j2
index 6f68463..605d2f5 100644
--- a/roles/nginx/templates/https.j2
+++ b/roles/nginx/templates/https.j2
@@ -7,6 +7,7 @@
 
     ssl_session_timeout 5m;
     ssl_session_cache shared:SSL:1m;
+    ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
     ssl_dhparam /etc/ssl/certs/dhparam.pem;
     ssl_protocols {{ nginx_tls_protocols }};
     ssl_ciphers "{{ tls_cipher_suite }}";