OCSP stapling can significantly reduce the overhead and latency of running SSL. We enable OCSP stapling on all of our nginx instances at Commando.io.
OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for checking the revocation status of X.509 digital certificates. It allows the presenter of a certificate to bear the resource cost involved in providing OCSP responses, instead of the issuing Certificate Authority (CA). — Wikipedia
It is actually quite trivial to set up in nginx with a few directives.
resolver 8.8.8.8 8.8.4.4 valid=300s;
You must specify a DNS resolver, since nginx makes external HTTP requests. We use Google Public DNS, but OpenDNS or your hosting provider's DNS should work just fine. We also set a 5-minute time-to-live cache period and a 10-second resolver timeout.
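Whether nginx is actually serving a staple can be checked from the client side by reading the output of `openssl s_client -status`. The function below is an added example, not part of the original post; the sample outputs are constructed and `example.com` is a placeholder host.

```shell
#!/bin/sh
# Added example: classify the OCSP part of `openssl s_client -status` output.
# Live use (example.com is a placeholder host):
#   openssl s_client -connect example.com:443 -servername example.com \
#       -status </dev/null 2>/dev/null | check_staple
# Returns 0 = staple present and good, 1 = no staple sent,
#         2 = staple present but unusable (responder error, revoked, unknown).
check_staple() {
    out=$(cat)
    # openssl prints this exact line when the server stapled nothing
    if printf '%s\n' "$out" | grep -q 'OCSP response: no response sent'; then
        echo "no staple"; return 1
    fi
    # A stapled response has a responder status and a per-certificate status
    resp=$(printf '%s\n' "$out" |
        sed -n 's/^ *OCSP Response Status: *\([A-Za-z]*\).*/\1/p' | head -n 1)
    cert=$(printf '%s\n' "$out" |
        sed -n 's/^ *Cert Status: *\([a-z]*\).*/\1/p' | head -n 1)
    if [ -z "$resp" ]; then
        echo "no staple"; return 1    # no OCSP section in the output at all
    fi
    if [ "$resp" = "successful" ] && [ "$cert" = "good" ]; then
        echo "stapled: good"; return 0
    fi
    echo "stapled: $resp/${cert:-none}"; return 2
}

# Constructed sample outputs, trimmed to the lines the function reads
sample_good() { cat <<'EOF'
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
    This Update: Jan  1 00:00:00 2024 GMT
    Next Update: Jan  8 00:00:00 2024 GMT
EOF
}
sample_revoked() { sample_good | sed 's/Cert Status: good/Cert Status: revoked/'; }
sample_none() { printf 'CONNECTED(00000003)\nOCSP response: no response sent\n'; }

# Demo over the constructed samples; `|| true` keeps non-zero results non-fatal
for s in sample_good sample_revoked sample_none; do
    printf '%s -> ' "$s"; "$s" | check_staple || true
done
```

nginx fetches the OCSP response lazily, so the first handshake after a start or reload can legitimately report `no staple`; run the check a second time before treating it as a misconfiguration.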
You'll need to also provide the SSL trusted certificate. We have a wildcard SSL certificate from GoDaddy, so the content of stapling.trusted.crt is simply: