We talked a bit in the meeting about this. It looks like we hold our SSL sessions open for 30 minutes but we have a maximum of 6000 sessions across all the AMO domains. I think we run through that in seconds so it's not really getting any caching at all. We should investigate increasing the ssl!cache!size flag on zeus and see if our performance improves. As a baseline measurement, the purple on this graph is all SSL handshaking time: http://www.webpagetest.org/result/091209_3GK5/1/details/
Will test by bumping up to 1m. Should eat about 700MB of mem (so next to nothing).
Created attachment 417037 [details] SSL Session ID hit rate Point of reference, current SSL session cache hit rate is about 85%
Changes made and ZXTM restarted right now.
Looks about the same, but the size is now set @ 1,000,000. I think versioncheck is probably throwing off the graphs since almost no one will be reusing their SSL session.
New test: http://www.webpagetest.org/result/091211_3JDB/1/details/ Looks like the multiple ssl negotiation wasn't due to session expiration. IE opens 6 connections/host, I think it may have to create a new ssl session for each connection.