Forum List Message List New Topic Print View

d2radio

August 20, 2012 11:14PM

Registered: 11 years ago
Posts: 4

Hi Maxim,

Maxim Dounin Wrote:
-------------------------------------------------------
> Hello!
>
> On Sun, Aug 19, 2012 at 11:06:22PM -0400, d2radio wrote:
>
> > Thanks Francis,
> >
> > Yes I suspected that it was somehow renegotiating the ssl handshake
> for each
> > request where as firefox/firebug was caching the handshake thus
> showing
> > quicker response times.
> >
> > Timing curl over https gave me an average of 80ms response time,
> timing curl
> > over http gave me an average of 10ms similar to what nginx was
> achieving
> > talking to the backend via http.
> >
> > I'm happy to annouce though that your were bang on the money with
> the
> > keepalive directive. As soon as I added that into my upstream
> declaration
> > the reponse times dropped considerably and I'm now getting
> performance
> > similar to as if I was requesting the content directly from the
> upstream
> > server.
> >
> > Thanks Francis your a legend :)
>
> Strange thing is that SSL session reuse doesn't work for you. It
> is on by default and should do more or less the same thing unless
> you've switched it off with proxy_ssl_session_reuse[1] directive or
> forgot to configure session cache on your backend server.
>
> (Another question to consider is whether you really need to spend
> resources on SSL between nginx and your backend.)
>
> [1] http://nginx.org/r/proxy_ssl_session_reuse
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Thanks, Yes I thought it was strange that ssl session reuse didn't work either as I thought that had been enabled by default in a recent release.

I can confirm that we don't have the directive proxy_ssl_session_reuse set in any of the config files and we have left the upstream server caching settings at their defaults which I think for IIS 6.0 is 5 minutes if I remember correctly.

Yes your correct, I would agree that it's probably not the best approach to be talking to a upstream server via HTTPS but unfortunatly at the moment that's not an option due to how the upstream applications work which weren't written by me.

Thanks for your time.

Reply Quote

RSS

Subject	Author	Posted
Upstream SSL IIS Performance	d2radio	August 19, 2012 07:55PM
Re: Upstream SSL IIS Performance	d2radio	August 19, 2012 07:59PM
Re: Upstream SSL IIS Performance	Francis Daly	August 19, 2012 09:14PM
Re: Upstream SSL IIS Performance	d2radio	August 19, 2012 11:06PM
Re: Upstream SSL IIS Performance	Maxim Dounin	August 20, 2012 07:44AM
Re: Upstream SSL IIS Performance	d2radio	August 20, 2012 11:14PM