SSL Session Reuse needs to be configured as well, otherwise every single request will have to perform a new handshake, independently of keepalive.

In practice I've always observed HTTPS requests to take at least twice as long compared to a back and forth through a websocket, even when SSR and keepalive are enabled. I don't know if having both theorically allows for single-roundtrip HTTPS requests.