proxy_ssl_session_reuse
The `proxy_ssl_session_reuse` directive controls whether to reuse SSL sessions between proxied connections.
Description
The proxy_ssl_session_reuse directive specifies whether NGINX should attempt to reuse SSL sessions when proxying SSL connections. By default, SSL session reuse allows for faster reconnections by reducing the performance overhead associated with establishing new SSL connections. If this directive is set to 'on', NGINX will utilize cached SSL sessions when making an SSL connection to a proxied server, which can lead to improved response times and reduced CPU load on both the client and server sides. Conversely, if set to 'off', SSL sessions will not be reused, requiring a full handshake for each proxied connection, which can negatively impact performance, especially under high load.
This directive can be particularly beneficial in scenarios where connections to backend servers are established frequently and need to be secured via SSL. It is configurable at the http, server, or location context levels, allowing for flexibility in managing SSL performance optimizations based on different routing needs. To implement this directive, ensure that your upstream servers support SSL session IDs for maximized efficiency, as this is a requirement for the session reuse feature to be effective.
Config Example
location /api {
proxy_pass https://backend;
proxy_ssl on;
proxy_ssl_session_reuse on;
}SSL session reuse is only effective if the upstream servers support it.
Setting this directive to 'off' can lead to increased SSL handshake load, impacting performance.
This directive interacts with SSL cache settings; if caching is not configured properly, session reuse may not occur as expected.