question regarding ssl setting
i have installed an wildcard ssl from alphassl. and on configuring i used ssl-param from this following post.
so now i have put all these ssl settings inside snippets/ssl-param.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 220.127.116.11 18.104.22.168 valid=300s; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; always"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; ssl_dhparam /etc/ssl/certs/dhparam.pem;
i just added
ssl_session_timeout 60m; to the list and change preload to always.
now my question is, are these settings meant to be with with any other certificates other then let's encrypt? im a bit confused are those going to help or degrade ssl negotiation? because on my previous server i used only few of above configs only.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_session_cache shared:SSL:10m;
also please take a look at the following image, my site initial loading is not that fast i expected. and 6/7 files are now requiring ssl handshake even when they are from the same domain. is this normal??