ssl_session_timeout
The `ssl_session_timeout` directive sets the timeout period for SSL session caching in NGINX.
Description
The ssl_session_timeout directive specifies how long an SSL session is cached by the server. When a client connects using SSL, a session may be established; subsequent connections can then reuse the session parameters instead of negotiating new ones, which improves performance. The directive lets administrators define how long a cached session remains valid before it is considered expired and removed from the cache. The time can be specified with a unit such as s (seconds), m (minutes), or h (hours). Session caching significantly improves the efficiency of SSL negotiation, particularly for clients that frequently connect to the server.
The directive can be placed within the http or server context of the NGINX configuration, allowing flexibility depending on whether the timeout should apply globally or to a specific server block. Setting this directive appropriately ensures that resources are managed effectively while balancing security considerations, as shorter timeouts may enhance security at the cost of some performance.
Config Example

    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_session_timeout 30m;
    }

Setting the session timeout too low may lead to frequent SSL negotiations, resulting in performance degradation.
Ensure that SSL session caching is enabled when using this directive, otherwise it will have no effect.
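
One way to check the note above across a configuration, as an added example (not part of the original page or of NGINX): a small Python audit that resolves `ssl_session_timeout` and `ssl_session_cache` per server block, with inheritance from the enclosing context, and reports servers where the timeout is set but the cache is not enabled. It also flags timeouts above `max_seconds`, a hypothetical site policy; the parser is simplified, and the function names and sample configuration are constructed for illustration.

```python
import re
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600}  # bare number = seconds

def timeout_seconds(value):
    m = re.fullmatch(r"(\d+)([smh]?)", value)
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def lookup(ctx, directive, default=None):
    # Use the block's own value, else inherit from the enclosing blocks.
    while ctx:
        if directive in ctx["own"]:
            return ctx["own"][directive]
        ctx = ctx["parent"]
    return default

def audit(config_text, max_seconds=3600):
    # Simplified parser (no includes, no quoted braces); max_seconds is a hypothetical policy.
    text = re.sub(r"#[^\n]*", "", config_text)
    cur, blocks = {"name": "main", "own": {}, "parent": None}, []
    for head, end in re.findall(r"\s*([^;{}]*?)\s*([;{}])", text):
        words = head.split()
        if end == "{":
            cur = {"name": words[0] if words else "", "own": {}, "parent": cur}
            blocks.append(cur)
        elif end == ";" and words:
            cur["own"][words[0]] = words[1:]
        elif end == "}" and cur["parent"]:
            cur = cur["parent"]
    findings = []
    for srv in (b for b in blocks if b["name"] == "server"):
        timeout = lookup(srv, "ssl_session_timeout")
        if timeout is None:
            continue  # directive not set for this server; nothing to check
        label = " ".join(srv["own"].get("server_name", ["(unnamed)"]))
        cache = lookup(srv, "ssl_session_cache", ["none"])  # NGINX default
        if cache[0] in ("off", "none"):
            findings.append((label, "timeout set but session cache not enabled"))
        if timeout_seconds(timeout[0]) > max_seconds:
            findings.append((label, "timeout above policy maximum"))
    return findings

SAMPLE = """http { ssl_session_timeout 30m;  # constructed sample, not from the page
  server { server_name a.example; ssl_session_cache shared:SSL:10m; }
  server { server_name b.example; }  # inherits 30m, no cache configured
  server { server_name c.example; ssl_session_cache shared:SSL:10m; ssl_session_timeout 4h; }
}"""
print(audit(SAMPLE))
```

Because directives are resolved after the whole file is read, an `http`-level setting is inherited regardless of where it appears relative to the server blocks.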