Fixed description for SSL session cache & timeout (#237)

h5bp · Sep 7, 2019 · 0af3052 · 0af3052
1 parent 6d1a9d4
commit 0af3052
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/h5bp/ssl/ssl_engine.conf b/h5bp/ssl/ssl_engine.conf
@@ -2,11 +2,12 @@
 # | SSL engine                                                         |
 # ----------------------------------------------------------------------
 
-# (1) Optimize SSL by caching session parameters for 10 minutes.
+# (1) Optimize SSL by caching session parameters for 24 hours.
 #     This cuts down on the number of expensive SSL handshakes.
 #     By enabling a cache, we tell the client to re-use the already
 #     negotiated state.
-#     A 1Mb cache can hold about 4000 sessions, so we can hold 40000 sessions.
+#     Here 10m (10 MB) in ssl_session_cache is size value (not time).
+#     1 MB cache can store about 4000 sessions, so we can store 40000 sessions.
 #
 # (2) Use a higher keepalive timeout to reduce the need for repeated handshakes
 #     (!) Shouldn't be done unless you serve primarily HTTPS.
@@ -27,8 +28,8 @@
 # (5) Basic security improvements
 
 # (1)
-ssl_session_cache shared:SSL:10m;
 ssl_session_timeout 24h;
+ssl_session_cache shared:SSL:10m;
 
 # (2)
 keepalive_timeout 300s;