Reduce nginx ssl_session_cache to 3m each

2 years ago · 8539344331
parent c729954b4a
commit 8539344331
2 changed files with 3 additions and 2 deletions
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@ -100,7 +100,7 @@ http {
      include /etc/nginx/tls.conf;
      ssl_stapling on;
      ssl_stapling_verify on;
-      ssl_session_cache shared:SSLHTTP:50m;
+      ssl_session_cache shared:SSLHTTP:3m;
      add_header Strict-Transport-Security 'max-age=31536000';

      {% if not TLS_FLAVOR in [ 'mail', 'mail-letsencrypt' ] %}
@ -284,7 +284,7 @@ mail {

    {% if TLS and not TLS_ERROR %}
    include /etc/nginx/tls.conf;
-    ssl_session_cache shared:SSLMAIL:50m;
+    ssl_session_cache shared:SSLMAIL:3m;
    {% endif %}

    # Advertise real capabilities of backends (postfix/dovecot)
--- a/towncrier/newsfragments/2605.misc
+++ b/towncrier/newsfragments/2605.misc
@ -0,0 +1 @@
+Reduce the SSL session caches from 50m each to 3m each. This should be good for 12k sessions (within 1day) for each cache and will help reduce memory usage.
				`@ -0,0 +1 @@`
				`Reduce the SSL session caches from 50m each to 3m each. This should be good for 12k sessions (within 1day) for each cache and will help reduce memory usage.`