Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-02-10 Thread Ilya Grigorik
Pedantic, but I object to the wording in the title :) ... SPDY was/is an experimental branch of HTTP/2, and now that HTTP/2 is in the final stages of becoming a standard, there is no longer the need for SPDY and hence the announcement of a deprecation timeline -- it's not and never was SPDY vs. HTT

Re: Optimizing NGINX TLS Time To First Byte (TTTFB)

2013-12-20 Thread Ilya Grigorik
On Thu, Dec 19, 2013 at 4:21 PM, Maxim Dounin wrote: > > Alternatively, what are your thoughts on making this adjustment > > dynamically? Start the connection with small record size, then bump it to > > higher limit? In theory, that would also avoid the extra config flag. > > In theory, this may

Re: Optimizing NGINX TLS Time To First Byte (TTTFB)

2013-12-19 Thread Ilya Grigorik
AC is verified and contents are decrypted + finally passed to the application. On Wed, Dec 18, 2013 at 4:50 PM, Alex wrote: > On 2013-12-19 01:04, Ilya Grigorik wrote: > > > FWIW, for these exact reasons the Google frontend servers have been using > TLS record = TCP segment for a few years

Re: Optimizing NGINX TLS Time To First Byte (TTTFB)

2013-12-18 Thread Ilya Grigorik
On Tue, Dec 17, 2013 at 7:59 PM, Alex wrote: > > I did some empirical testing and with my configuration (given cipher > size, padding, and all), I came to 1370 bytes as being the optimal size > for avoid fragmenting of TLS record fragmentation. > Ah, right, we're not setting the "total" record si

Re: Optimizing NGINX TLS Time To First Byte (TTTFB)

2013-12-17 Thread Ilya Grigorik
> > >>> What I don't get from your patch, it seems like you are hardcoding the > >>> buffer to 16384 bytes during handshake (line 570) and only later use a > >>> 1400 byte buffer (via NGX_SSL_BUFSIZE). > >>> > >>> Am I misunderstanding the patch/code? > > > > It may well be the case that I'm misund