SSL/TLS Optimization at Scale
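SSL/TLS processing can become a bottleneck for high-traffic HTTPS sites. The nginx configuration below reduces this overhead through session resumption (shared cache and tickets), OCSP stapling, a smaller TLS record buffer, and a short AEAD-only cipher list: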
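```nginx
# Optimized SSL configuration for high traffic (http/server context)
# Session cache shared across workers; sessions can be resumed for 4h
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 4h;
# Session tickets: the key file must hold 80 or 48 random bytes and should be rotated
ssl_session_tickets on;
ssl_session_ticket_key /etc/nginx/ssl/ticket.key;

# Enable OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/chain.pem;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# SSL buffer size optimization (smaller TLS records than the 16k default)
ssl_buffer_size 4k;

# Prefer server ciphers for consistency
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;

# HTTP/2 configuration
# Note: these three directives are obsolete since nginx 1.19.7; newer
# versions use large_client_header_buffers and keepalive_requests instead.
http2_max_field_size 16k;
http2_max_header_size 32k;
http2_max_requests 10000;

# SSL session ticket rotation
# stream {} is a main-context block, and keyval requires NGINX Plus.
# These lines only map $ssl_server_name to $ssl_ticket_key in a shared zone.
stream {
    keyval_zone zone=ssl_ticket_keys:1m;
    keyval $ssl_server_name $ssl_ticket_key zone=ssl_ticket_keys;
}
```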
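A static `ssl_session_ticket_key` file weakens forward secrecy for every session whose ticket it encrypted, so the key needs regular rotation. The helper below is an added example, not part of the original page: the second key file `ticket.prev.key`, the function name `rotate_ticket_keys` and the reload command in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: rotate the nginx TLS session ticket key.
# Assumed nginx config (ticket.prev.key is an assumption, not on the page):
#   ssl_session_ticket_key /etc/nginx/ssl/ticket.key;       # first key encrypts new tickets
#   ssl_session_ticket_key /etc/nginx/ssl/ticket.prev.key;  # later keys only decrypt

# rotate_ticket_keys DIR
# The body is a subshell, so umask and variables do not leak to the caller.
rotate_ticket_keys() (
    dir=$1
    cur="$dir/ticket.key"
    prev="$dir/ticket.prev.key"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; exit 1; }
    umask 077

    # Write the new key to a temp file first so a short read never becomes live.
    tmp=$(mktemp "$dir/ticket.new.XXXXXX") || exit 1
    head -c 80 /dev/urandom > "$tmp"
    size=$(wc -c < "$tmp")
    if [ "$((size))" -ne 80 ]; then
        rm -f "$tmp"
        echo "key generation failed" >&2
        exit 1
    fi

    if [ -f "$cur" ]; then
        # Demote the outgoing key so tickets issued before rotation still resume.
        mv -f "$cur" "$prev"
    else
        # First run: both configured files must exist for nginx to load.
        cp "$tmp" "$prev"
    fi
    mv -f "$tmp" "$cur"
    chmod 600 "$cur" "$prev"
)

# Typical use from cron or a systemd timer (nginx reads key files at config load):
#   rotate_ticket_keys /etc/nginx/ssl && nginx -t && nginx -s reload
```

Rotating no more often than the configured `ssl_session_timeout 4h` keeps every still-valid ticket decryptable by one of the two keys.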