ssl_certificate_cache
The ssl_certificate_cache directive specifies the cache settings for SSL certificates in NGINX.
Description
The ssl_certificate_cache directive in NGINX configures the caching settings for SSL certificates. When SSL connections are established, NGINX can store the SSL certificates in a cache for reuse. This caching behavior helps improve performance by reducing the need to repeatedly load SSL certificates for the same connections or during active session management. The parameters allow tuning the cache size and duration of certificate retention.
The directive can accept one to three arguments. The first parameter specifies the cache size, which defines the amount of memory allocated for caching certificates. It can use common size suffixes like 'k', 'm', or 'g' to denote kilobytes, megabytes, or gigabytes. The second optional parameter sets a timeout, defining how long a certificate remains valid in the cache, while the third optional parameter specifies the maximum number of cached entries. If not set, certificates will remain in the cache until the cache size limit is reached, subsequently evicting the least recently used items.
Using ssl_certificate_cache helps optimize SSL handshake times as NGINX can retrieve certificates from memory, avoiding filesystem I/O. However, administrators should be cautious with cache sizes and hold durations as they can affect memory usage and certificate refresh dynamics, especially in environments with frequently changing SSL certificates.
Config Example
http {
    ssl_certificate_cache 10m 30s 100;
}
Ensure the cache size is sufficient for your expected load.
Setting the timeout too high may leave stale certificates in the cache after they change.
Not using the cache can lead to increased SSL handshake times.