SSL session caching

For improved performance, EAServer caches SSL session identifiers and allows clients to reuse them. Since creating an SSL session requires CPU-intensive computations, SSL session reuse results in a relatively large performance gain over setting up completely new security sessions for each connection. The SSL settings for a listener are configured in the security profile set in the listener Security Profile property (if using jagtool, the property com.sybase.jaguar.listener.security). For details on creating security profiles, see “Configuring security profiles” in Chapter 13, “Security Configuration Tasks,” in the EAServer Security Administration and Programming Guide.

The settings below, on the Advanced tab in the EAServer Manager Security Profile Properties dialog box, control how SSL clients can reuse sessions for subsequent and simultaneous connections.

| Setting | Description |
| --- | --- |
| SSL Cache Size | The number of entries in the SSL session cache. If using jagtool, set as security profile property com.sybase.jaguar.security.sesscachesize. |
| SSL Session Share | The number of concurrent connections that can simultaneously use the same session entry (ID) in the session cache. If using jagtool, set as security profile property com.sybase.jaguar.security.sessshare. |
| SSL Session Linger | The duration for which a session entry is kept in the SSL session cache after the last SSL session using this session ID was closed. If using jagtool, set as security profile property com.sybase.jaguar.security.cachetime. |

Cached sessions allow the client to reuse a session in a subsequent connection. The SSL Cache Size setting controls how many entries can be cached. Set this to a number less than or equal to the maximum connections setting for the server. The default cache size for security profiles created in EAServer Manager is 30. The cache requires approximately 64 bytes per entry. The SSL Session Linger value specifies how long cached session IDs remain valid. The default is 8 hours.

The SSL Session Share setting specifies how many simultaneous connections can share one session ID. Session sharing can improve performance when the client opens multiple connections simultaneously. For example, a browser client may open several connections at once to download images linked to an HTML page. Session sharing allows the client to reuse the session for the second and subsequent connections, up to the number of concurrent connections specified by the SSL Session Share value. The default value is 10.
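The following added example is a toy model of how the three settings interact. It is not EAServer code; the names SessionCacheModel and simulate_burst are hypothetical. It assumes that the share limit counts the connection that created the session, and that a new session is cached only when a slot is free (the page does not state what happens when the cache is full).

```python
# Added illustration: a toy model of the three settings, not EAServer code.
class SessionCacheModel:
    def __init__(self, cache_size=30, share=10, linger_s=8 * 3600):
        # Defaults are the ones the page gives: 30 entries, share 10, 8 hours.
        self.cache_size, self.share, self.linger_s = cache_size, share, linger_s
        self.entries = {}   # session_id -> [active_connections, last_close_time]
        self.next_id = 0

    def _expire(self, now):
        # Drop idle entries whose linger time has passed.
        stale = [sid for sid, (active, closed) in self.entries.items()
                 if active == 0 and now - closed > self.linger_s]
        for sid in stale:
            del self.entries[sid]

    def connect(self, now, session_id=None):
        """Return (session_id, "resumed" or "full") for one new connection."""
        self._expire(now)
        entry = self.entries.get(session_id)
        if entry is not None and entry[0] < self.share:
            entry[0] += 1
            return session_id, "resumed"
        # Full handshake. Assumption: a new session is cached only if a slot is free.
        if len(self.entries) >= self.cache_size:
            return None, "full"
        self.next_id += 1
        self.entries[self.next_id] = [1, now]
        return self.next_id, "full"

    def close(self, now, session_id):
        entry = self.entries.get(session_id)
        if entry and entry[0] > 0:
            entry[0] -= 1
            entry[1] = now   # linger is measured from the last close


def simulate_burst(cache, n, now=0.0):
    """Open n simultaneous connections from one client; return handshake kinds."""
    kinds, sid = [], None
    for _ in range(n):
        new_sid, kind = cache.connect(now, sid)
        sid = new_sid if new_sid is not None else sid
        kinds.append(kind)
    return kinds


if __name__ == "__main__":
    kinds = simulate_burst(SessionCacheModel(), 12)
    print(kinds.count("full"), "full handshakes,", kinds.count("resumed"), "resumed")
```

With the default values, a burst of 12 simultaneous connections from one client costs two full handshakes in this model: the eleventh connection exceeds the share limit and negotiates a second session.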

Note: These are advanced SSL parameters. They should be set only by someone who is knowledgeable about SSL.