tune.ssl.cachesize <number>
Sets the size of the global SSL session cache, in a number of blocks. A block
- is large enough to contain an encoded session without peer certificate.
- An encoded session with peer certificate is stored in multiple blocks
- depending on the size of the peer certificate. A block uses approximately
- 200 bytes of memory. The default value may be forced at build time, otherwise
- defaults to 20000. When the cache is full, the most idle entries are purged
- and reassigned. Higher values reduce the occurrence of such a purge, hence
- the number of CPU-intensive SSL handshakes by ensuring that all users keep
- their session as long as possible. All entries are pre-allocated upon startup
- and are shared between all processes if "nbproc" is greater than 1. Setting
- this value to 0 disables the SSL session cache.
+ is large enough to contain an encoded session without peer certificate. An
+ encoded session with peer certificate is stored in multiple blocks depending
+ on the size of the peer certificate. A block uses approximately 200 bytes of
+ memory (based on `sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE`
+ calculation used for `shctx_init` function). The default value may be forced
+ at build time, otherwise defaults to 20000. When the cache is full, the most
+ idle entries are purged and reassigned. Higher values reduce the occurrence
+ of such a purge, hence the number of CPU-intensive SSL handshakes by ensuring
+ that all users keep their session as long as possible. All entries are
+ pre-allocated upon startup and are shared between all processes if "nbproc"
+ is greater than 1. Setting this value to 0 disables the SSL session cache.
tune.ssl.force-private-cache
This option disables SSL session cache sharing between all processes. It
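Review bot: the parenthetical added after "A block uses approximately 200 bytes of memory" does not follow this file's conventions and ties user-facing text to internal symbols. It wraps the sizeof expression and shctx_init in backticks, while the surrounding plain-text documentation quotes identifiers with double quotes, as in "nbproc". Use the same quoting and fix the wording to "based on the ... calculation used by the shctx_init function". Naming struct sh_ssl_sess_hdr and SHSESS_BLOCK_MIN_SIZE here also means the description goes stale silently if either is renamed, so consider noting only that the figure derives from the session header plus the minimum block size, or add a comment next to the code pointing back at this paragraph. Finally, the change adds one clause but re-wraps the whole paragraph, so every line shows as modified. Keeping the original line breaks where possible would make the actual change reviewable.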