131 pointsby igrigorikover 11 years ago

2 comments

nodesocketover 11 years ago

SSL stapling can reduce the overhead as well, simple nginx config:<p><pre><code> http { ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/nginx/ssl/stapling.trusted.crt; resolver 8.8.4.4 8.8.8.8 valid=300s; resolver_timeout 15s; } </code></pre> We <a href="https://commando.io" rel="nofollow">https://commando.io</a> use GoDaddy SSL (sigh, face-palm), so the contents of stapling.trusted.crt is:<p><pre><code> http://pastebin.com/0H0i09Pn</code></pre>

评论 #6917942 未加载

评论 #6918488 未加载

评论 #6919147 未加载

评论 #6917980 未加载

jevinskieover 11 years ago

I like TLS False Start and other, similar speculative algorithms. Speculative execution is especially interesting in circuit design!

Optimizing Nginx TLS Time To First Byte

2 comments

Optimizing Nginx TLS Time To First Byte

2 comments