alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity

roles/nginx: Set nginx SSL buffer size to 1400

Browse Source 
istlsfastyet.com recommends setting the buffer size to 1400 so it
can fit into a single MTU.  nginx default is 16k!

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size

Signed-off-by: Alan Orth <alan.orth@gmail.com>
This commit is contained in:
Alan Orth 2014-12-06 22:15:15 +03:00
parent d04293a664
commit be6c76a2af
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
roles/nginx/templates/https.j2
View File

@ -7,6 +7,7 @@
ssl_session_timeout 5m; ssl_session_timeout 5m;
ssl_session_cache shared:SSL:1m; ssl_session_cache shared:SSL:1m;
ssl_buffer_size 1400; # 1400 bytes to fit in one MTU
ssl_dhparam /etc/ssl/certs/dhparam.pem; ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols {{ nginx_tls_protocols }}; ssl_protocols {{ nginx_tls_protocols }};
ssl_ciphers "{{ tls_cipher_suite }}"; ssl_ciphers "{{ tls_cipher_suite }}";