One big overheard in SSL can be zlib compression buffers. Setting ssl_op_no_comp... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		shanemhansen on June 10, 2015 \| parent \| context \| favorite \| on: Hitch – A Scalable TLS Proxy by Varnish One big overheard in SSL can be zlib compression buffers. Setting ssl_op_no_compression can help quite a bit.

skuhn on June 10, 2015 [–]

That's true, and you shouldn't support TLS compression anyway (to resolve attacks like CRIME).

You should also set SSL_MODE_RELEASE_BUFFERS to reclaim memory from idle SSL connections.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact