Specifying SSL Session Cache Timeout - Cisco 11503 - CSS Content Services Switch Configuration Manual

Content Services Switch SSL Configuration Guide

Chapter 4
Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 urlrewrite 1 www.acme*
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 urlrewrite 2 www.acme*

To view statistical information on SSL URL rewrite, see Chapter 7, Displaying
SSL Configuration Information and Statistics.

Specifying SSL Session Cache Timeout

In SSL, a new session ID is created every time the client and the CSS SSL module
go through a full key exchange and establish a new master secret key. Specifying
an SSL session cache timeout allows the SSL module to reuse the master key on
subsequent connections with the client, which can speed up the SSL negotiation
process. You can specify a timeout value to set the total amount of time an SSL
session ID remains valid before the SSL module requires the full SSL handshake
to establish a new SSL session.

The selection of an SSL session cache timeout value is important when using the
advanced-balance ssl load-balancing method for a Layer 5 content rule to help
fine-tune the SSL session ID that is used to stick the client to the server.

Use the ssl-server number session-cache seconds command to configure the SSL
module to resume connection with a client using a previously established secret
key. Enter an SSL session cache timeout value in seconds, from 0 (SSL session ID
reuse disabled) to 72000 (20 hours). The default is 300 seconds (5 minutes). By
disabling this option (entering a value of 0), the full SSL handshake occurs for
each new connection between the client and the SSL module.

Note: Cisco Systems does not recommend specifying a zero value for the ssl-server
number session-cache seconds command. A non-zero value ensures that the SSL
session ID is reused to improve CSS performance.

For example, to configure the reuse of an SSL session ID with a client using a
timeout value of 10 hours, enter:

(config-ssl-proxy-list[ssl_list1])# ssl-server 20 session-cache 36000

To reset the SSL session reuse timeout to the default of 300 seconds, enter:

(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 session-cache
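
The following Python script is an added example, not part of the Cisco guide: it reads saved ssl-proxy-list command lines and reports the effective session cache timeout for each virtual SSL server, using the 0 to 72000 range, the 300-second default and the "no" form described above. The function names and the sample lines are constructed for illustration, and it assumes commands take effect in the order listed and that a server with no session-cache command uses the default.

```python
import re

DEFAULT_TIMEOUT = 300   # seconds; default given in the guide
MAX_TIMEOUT = 72000     # seconds (20 hours); upper bound given in the guide

# "[no] ssl-server <number> session-cache [<seconds>]", with or without a CLI prompt
_CACHE_CMD = re.compile(
    r"(?:^|\s)(no\s+)?ssl-server\s+(\d+)\s+session-cache(?:\s+(\d+))?\s*$")
_ANY_SERVER = re.compile(r"(?:^|\s)ssl-server\s+(\d+)\b")

def effective_timeouts(config_lines):
    """Map each ssl-server number to its timeout, applying lines in order."""
    timeouts = {}
    for line in config_lines:
        cmd = _CACHE_CMD.search(line)
        server = _ANY_SERVER.search(line)
        if cmd and cmd.group(1):            # "no" form resets to the default
            timeouts[int(cmd.group(2))] = DEFAULT_TIMEOUT
        elif cmd and cmd.group(3) is not None:
            timeouts[int(cmd.group(2))] = int(cmd.group(3))
        elif server:                        # server seen, timeout not set here
            timeouts.setdefault(int(server.group(1)), DEFAULT_TIMEOUT)
    return timeouts

def audit(config_lines):
    """Return {ssl-server number: (seconds, verdict)}."""
    report = {}
    for number, seconds in sorted(effective_timeouts(config_lines).items()):
        if seconds == 0:
            verdict = "reuse disabled: full handshake on every connection"
        elif seconds > MAX_TIMEOUT:
            verdict = "out of range: above 72000"
        elif seconds == DEFAULT_TIMEOUT:
            verdict = "default"
        else:
            verdict = "custom"
        report[number] = (seconds, verdict)
    return report

# Constructed sample input, not taken from a real device.
SAMPLE = [
    "(config-ssl-proxy-list[ssl_list1])# ssl-server 20 session-cache 36000",
    "(config-ssl-proxy-list[ssl_list1])# ssl-server 21 session-cache 0",
    "(config-ssl-proxy-list[ssl_list1])# ssl-server 22 urlrewrite 1 www.acme*",
    "(config-ssl-proxy-list[ssl_list1])# ssl-server 23 session-cache 600",
    "(config-ssl-proxy-list[ssl_list1])# no ssl-server 23 session-cache",
]

if __name__ == "__main__":
    for number, (seconds, verdict) in audit(SAMPLE).items():
        print(f"ssl-server {number}: {seconds}s ({verdict})")
```
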
Cisco Content Services Switch SSL Configuration Guide
4-38
OL-5655-01

This manual is also suitable for:

11500 series
