From 8539344331d75afb272c34eaa2775bbc849adef1 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Thu, 29 Dec 2022 11:03:55 +0100
Subject: [PATCH] Reduce nginx ssl_session_cache to 3m each
---
 core/nginx/conf/nginx.conf | 4 ++--
 towncrier/newsfragments/2605.misc | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 towncrier/newsfragments/2605.misc
diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index b373fb13..2c2b568d 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
@@ -100,7 +100,7 @@ http {
 include /etc/nginx/tls.conf;
 ssl_stapling on;
 ssl_stapling_verify on;
- ssl_session_cache shared:SSLHTTP:50m;
+ ssl_session_cache shared:SSLHTTP:3m;
 add_header Strict-Transport-Security 'max-age=31536000';
 {% if not TLS_FLAVOR in [ 'mail', 'mail-letsencrypt' ] %}
@@ -284,7 +284,7 @@ mail {
 {% if TLS and not TLS_ERROR %}
 include /etc/nginx/tls.conf;
- ssl_session_cache shared:SSLMAIL:50m;
+ ssl_session_cache shared:SSLMAIL:3m;
 {% endif %}
 # Advertise real capabilities of backends (postfix/dovecot)
diff --git a/towncrier/newsfragments/2605.misc b/towncrier/newsfragments/2605.misc
new file mode 100644
index 00000000..aec69c5c
--- /dev/null
+++ b/towncrier/newsfragments/2605.misc
@@ -0,0 +1 @@
+Reduce the SSL session caches from 50m each to 3m each. This should be good for 12k sessions (within 1day) for each cache and will help reduce memory usage.
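Review bot: The new `shared:SSLHTTP:3m` size on the `ssl_session_cache` line in the `http` block has no comment explaining the figure, and the same holds for `shared:SSLMAIL:3m` in the `mail` block; the rationale (about 12k sessions per cache) appears only in the newsfragment. I would add `# ~4000 sessions per MB per the nginx docs, so 3m holds ~12k; when full, the oldest sessions are evicted and clients fall back to a full handshake` above each directive. The "within 1day" in the newsfragment presumably refers to an `ssl_session_timeout` set in `/etc/nginx/tls.conf`, which this diff does not show, so it is worth confirming that the timeout and the smaller cache still fit busy deployments. Both enclosing blocks (`http {` and `mail {`) start and end outside the hunks.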