Directive can have multiple meanings. Each variant is separated with horizontal line


[edit] ssl_session_cache

Syntax: ssl_session_cache off | none | [ builtin [: size ]] [ shared : name : size ]
Default: none
Context: http
server
Reference: ssl_session_cache


The directive sets the types and sizes of caches to store the SSL sessions.
The cache types are:

It's possible to use both types of cache — builtin and shared — simultaneously, for example:

  ssl_session_cache  builtin:1000  shared:SSL:10m;

Bear in mind however, that using only shared cache, i.e., without builtin, should be more effective.

For Nginx versions below 0.8.34 this directive shouldn't be set to 'none' or 'off' if ssl_verify_client is set to 'on' or 'optional'.

listen [::]:443 ssl default_server;

This is so because session resumption happens before any TLS extensions are enabled, namely Server Name Identification (SNI). The ClientHello message requests a session ID from a given IP address (server). For that to work the default server setting is required.

A preferred approach is to move the ssl_session_cache directive to the http context. The (minor) downside is that all configured virtual hosts get the same SSL cache settings.


Module: HttpSslModule

[edit] ssl_session_cache

syntax: ssl_session_cache [builtin[:size [shared:name:size]

default: builtin:20480

context: mail, server

The directive sets the types and sizes of caches to store the SSL sessions.
The cache types are:

ssl_session_cache  builtin:1000  shared:SSL:10m;

However, the only shared cache usage without that builtin should be more effective.


Module: MailSslModule