From 66a962cbdf3c5bf044f37ee0b6458acbe9575c29 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Thu, 7 Jan 2016 15:12:38 -0600
Subject: 10m ssl_session_cache is adequate for our use cases.

---
 src/etc/inc/system.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/etc/inc/system.inc')

diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index bdc248e..77d5876 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1279,7 +1279,7 @@ EOD;
 		$nginx_config .= "\t\tssl_certificate_key     {$g['varetc_path']}/{$key_location};\n";
 		$nginx_config .= "\t\tssl_session_timeout     10m;\n";
 		$nginx_config .= "\t\tkeepalive_timeout       70;\n";
-		$nginx_config .= "\t\tssl_session_cache       shared:SSL:100m;\n";
+		$nginx_config .= "\t\tssl_session_cache       shared:SSL:10m;\n";
 		$nginx_config .= "\t\tssl_protocols   TLSv1 TLSv1.1 TLSv1.2;\n";
 		$nginx_config .= "\t\tssl_ciphers \"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH\";\n";
 		$nginx_config .= "\t\tssl_prefer_server_ciphers       on;\n";
-- 
cgit v1.1