Since 30th June 2018, the PCI Security Standards Council has required that support for SSL 3.0 and TLS 1.0 be disabled and, more recently, to disable

Nginx tuning tips: TLS/SSL HTTPS – Improved TTFB/latency

submited by
Style Pass
2021-06-14 17:30:11

Since 30th June 2018, the PCI Security Standards Council has required that support for SSL 3.0 and TLS 1.0 be disabled and, more recently, to disable TLS 1.1. Using TLS 1.2 and 1.3 is strongly recommended. In addition, as of July 2018, Google Chrome began to mark ‘HTTP’ websites as “not secure.” Over the past few years, the internet has swiftly been transitioning to HTTPS. Over 90% of Chrome’s traffic loads over HTTPS and 97 of the web’s top 100 websites now use HTTPS by default.

With this in mind, let’s look at Nginx tuning tips to improve the performance of Nginx + HTTPS for better TTFB and reduced latency.

The first step in tuning Nginx for faster TTFB/latency with HTTPS is to ensure that at least HTTP/2 is enabled. HTTP/2 was first implemented in Nginx version 1.9.5 to replace spdy. Enabling the HTTP/2 module on Nginx is simple. We need to add the word http2 in the server block of our Nginx config file (ex. /etc/nginx/sites-enabled/sitename). (Remember: HTTP/2 requires HTTPS)

That’s it! HTTP/2 is used by 40% of all the websites, and HTTP/3 is used by only 20% of all the websites. (Source) You can enable HTTP/3 & QUIC by following these (French) guides.

Leave a Comment