Keepalive_timeout timeout causes high TTFB

Rafa_F · July 24, 2015, 3:41pm

I am trying to further optimize SSL but if i enable keepalive_timeout i
get
high TTFB as shown in the report below

When i disable keepalive_timeout , TTFB is fixed but nginx recommand
keepalive_timeout :
http://nginx.org/en/docs/http/configuring_https_servers.html

Why does this happen ?

I welcome any other advice to further optimise SSL

Thanks

listen 443 spdy default_server reuseport;
ssl on;
ssl_certificate /etc/ssl/filterbypass.me.crt; #(or .pem)
ssl_certificate_key /etc/ssl/filterbypass.me.key.nopass;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#keepalive_timeout 70;
#ssl_ciphers
ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_ciphers
ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
ssl_buffer_size 8k;
ssl_session_cache shared:SSL:20m;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_session_timeout 45m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/trustchain.crt;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security “max-age=31536000;
includeSubDomains”;

Posted at Nginx Forum:

khav · July 24, 2015, 4:30pm

On Friday 24 July 2015 09:40:40 khav wrote:

I am trying to further optimize SSL but if i enable keepalive_timeout i get
high TTFB as shown in the report below

Website Speed Test | Pingdom Tools

When i disable keepalive_timeout , TTFB is fixed but nginx recommand
keepalive_timeout :
Configuring HTTPS servers

Why does this happen ?
[…]

In the report above SPDY protocol was used, but the keepalive_timeout
directive configures a timeout for https keepalive connections, and
has no effect with SPDY.

I believe it was just a coincidence, and big TTFB caused by something
else.

wbr, Valentin V. Bartenev