Session ID cache
IBM HTTP Server caches SSL session IDs when Web clients establish secure connections with the Web server. Cached session IDs enable subsequent SSL session requests to use a shortened SSL handshake during session establishment. Session ID caching is enabled by default on all supported platforms.
![[AIX]](aixlogo.gif)
![[HP-UX]](hpux.gif)
![[Linux]](linux.gif)
![[Solaris]](solaris.gif)
The session ID cache is implemented
as a daemon process named sidd. We will see this process running when
IBM HTTP Server is started with SSL enabled.
![[AIX Solaris HP-UX Linux Windows]](dist.gif)
In most cases, we will not need to take an additional
configuration steps to effectively use SSL session ID caching in IBM HTTP
Server.
![[z/OS]](ngzos.gif)
IBM recommends that we disable IBM
HTTP Server session ID caching (sidd). The z/OS System SSL provides
an equivalent function that can perform better with some additional configuration.
- Disable the IBM HTTP Server sidd with the SSLCacheDisable directive
and remove any existing SSLCacheEnable directives in httpd.conf.
- Enable "SSL Started Task" for z/OS System SSL. For more information
on the following setup instructions, refer to the section "SSL Started Task"
in z/OS Cryptographic Services System SSL Programming (SC24-5901),
which we can link to from the z/OS Internet Library:
- Set the following environment variables in bin/envars :
- GSK_V3_SIDCACHE_SIZE=2048
- GSK_V2_SIDCACHE_SIZE=2048
- GSK_SYSPLEX_SIDCACHE=ON
- export GSK_V3_SIDCACHE_SIZE GSK_V2_SIDCACHE_SIZE GSK_SYSPLEX_SIDCACHE
- GSK_V3_SIDCACHE_SIZE=2048
- Configure the limits in the started task by editing /etc/gskssl/server/envar.
- GSK_LOCAL_THREADS
- GSK_SIDCACHE_SIZE
- GSK_LOCAL_THREADS
- Set the following environment variables in bin/envars :
Related reference
SSL directives
Related information
z/OS Internet Library