Hello! On Tue, Mar 04, 2014 at 09:22:48AM +0100, Alex wrote:
> Hi! > > On 2014-03-03 18:45, Maxim Dounin wrote: > > Note well that configuring ssl_buffer_size to 1400 isn't a good > > idea unless you are doing so for your own performance testing. > > See previous discussions for details. > > Maxim, I remember the discussion that was started by Ilya. From what I > understood is that it depends on your specific needs. If you have a > website with standard markup and without serving large files, it seems > reasonable to choose a smaller ssl buffer size to avoid TLS record > fragmentation (and thus optimize time to first byte). On the other hand, > if you deliver large streams, it would seem be counter-productive to > limit the buffer size since you'd occur more bandwidth and processing > overhead. > > Or did I misunderstand and you'd still say that a ssl_buffer_size of > 1400 is generally a bad idea? Bandwidth and processing overhead isn't something specific to serving large files, it's always here - even if you serve small resources. On the other hand, from TTFB point of view there is almost no difference between 1400 and 4096 - as long as resulting payload is under initial congestion window. That is, from time to first byte optimization point of view, I would recommend using ssl_buffer_size 4k (or, if your server follows IW10, 8k may be a better idea). Just for the record, previous discussion can be found here: http://mailman.nginx.org/pipermail/nginx/2013-December/041533.html -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
