diff --git a/doc/configuration.txt b/doc/configuration.txt index 6856463f3..b30b52f51 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -2520,16 +2520,17 @@ tune.sndbuf.server tune.ssl.cachesize Sets the size of the global SSL session cache, in a number of blocks. A block - is large enough to contain an encoded session without peer certificate. - An encoded session with peer certificate is stored in multiple blocks - depending on the size of the peer certificate. A block uses approximately - 200 bytes of memory. The default value may be forced at build time, otherwise - defaults to 20000. When the cache is full, the most idle entries are purged - and reassigned. Higher values reduce the occurrence of such a purge, hence - the number of CPU-intensive SSL handshakes by ensuring that all users keep - their session as long as possible. All entries are pre-allocated upon startup - and are shared between all processes if "nbproc" is greater than 1. Setting - this value to 0 disables the SSL session cache. + is large enough to contain an encoded session without peer certificate. An + encoded session with peer certificate is stored in multiple blocks depending + on the size of the peer certificate. A block uses approximately 200 bytes of + memory (based on `sizeof(struct sh_ssl_sess_hdr) + SHSESS_BLOCK_MIN_SIZE` + calculation used for `shctx_init` function). The default value may be forced + at build time, otherwise defaults to 20000. When the cache is full, the most + idle entries are purged and reassigned. Higher values reduce the occurrence + of such a purge, hence the number of CPU-intensive SSL handshakes by ensuring + that all users keep their session as long as possible. All entries are + pre-allocated upon startup and are shared between all processes if "nbproc" + is greater than 1. Setting this value to 0 disables the SSL session cache. tune.ssl.force-private-cache This option disables SSL session cache sharing between all processes. It