How Enabling Nginx SSL Session Cache Can Boost TLS Performance by 40%

Previously I wrote about general HTTPS optimization for Nginx; here we dive deeper into the ssl_session_cache directive, its four modes, and the performance impact of enabling it.

SSL Session Cache Modes

off – strictly disables session caching.

none – loosely disables caching; Nginx does not store sessions.

builtin – uses OpenSSL's built‑in cache, limited to a single worker and can cause memory fragmentation.

shared – a shared cache accessible by all worker processes.

To measure the benefit, we captured traffic with Wireshark on a test Nginx instance that only had the certificate and key configured. The full TLS handshake involves multiple round‑trips, as shown in the following diagram:

After enabling ssl_session_cache and capturing again, the handshake was reduced to a single round‑trip, saving roughly 100 ms per connection (assuming a 50 ms RTT), which translates to about a 40 % efficiency gain.

How the Cache Works

When

ssl_session_cache</strong> is enabled, TLS session reuse proceeds as follows:</p><ol><li>The client sends a <em>Client Hello</em> containing a Session ID.</li><li>The server checks its cache for that Session ID.</li><li>If found, the server resumes the session and returns the same Session ID, avoiding a full handshake.</li><li>If not found, a full TLS handshake occurs.</li></ol><p>The cached session remains valid for the duration set by <code>ssl_session_timeout

, which defaults to five minutes.

Conclusion

Enabling ssl_session_cache in Nginx allows TLS session reuse, reducing handshake latency and improving overall connection performance by approximately 40 %.