Home

 

Session ID cache

 

+

Search Tips   |   Advanced Search

 

IBM HTTP Server caches SSL session IDs when Web clients establish secure connections. Cached session IDs enable subsequent SSL session requests to use a shortened SSL handshake during session establishment.

Session ID caching is enabled by default on all supported platforms.

*nix: The session ID cache is implemented as a daemon process named sidd. You will see this process running when IBM HTTP Server is started with SSL enabled.

In most cases, you will not need to take an additional configuration steps to effectively use SSL session ID caching in IHS.

z/OS: It is recommended that you disable IHS session ID caching (sidd).

The z/OS System SSL provides an equivalent function that can perform better with some additional configuration.

• Disable the IBM HTTP Server sidd with the SSLCacheDisable directive and remove any existing SSLCacheEnable directives in httpd.conf.

• Enable "SSL Started Task" for z/OS System SSL.

  • Set the following environment variables in bin/envars:
    • GSK_V3_SIDCACHE_SIZE=2048
    • GSK_V2_SIDCACHE_SIZE=2048
    • GSK_SYSPLEX_SIDCACHE=ON
    • export GSK_V3_SIDCACHE_SIZE GSK_V2_SIDCACHE_SIZE GSK_SYSPLEX_SIDCACHE

  • Configure the limits in the started task by editing /etc/gskssl/server/envar.
    • GSK_LOCAL_THREADS
    • GSK_SIDCACHE_SIZE

---

 

Related reference

SSL directives

 

Related information

z/OS Internet Library