SSL Session Caching (DP firmware 6)

hopsala
Posted: Sun Mar 30, 2014 12:23 pm    Post subject: SSL Session Caching (DP firmware 6)

Hey,

So I've been looking into DP's session caching parameters in the SSL Proxy Profile:
1a. Server-Side Session Caching (on/off)
1b. Server-Side Cache Timeout (seconds)
1c. Server-Side Cache Size (entries x1024)
2a. Client-Side Session Caching (on/off)
2b. Client-Side Cache Timeout (seconds)
2c. Client-Side Cache Size (entries)

The idea is, supposedly, that rather than opening a new SSL session on every request, DP will keep sessions open against the back-end (Client-Side cache) and will allow the front-end to keep its SSL session open for reuse (Server-Side cache).

Now, before I go to production with this, I'd like to know a little more. Thing is, the literature contains barely two sentences about these parameters, and neither Google nor the Redbooks have proven to be much help. I was only able to find this rather terse technote: http://www-01.ibm.com/support/docview.wss?uid=swg21442571
and the following snippet from a redbook (http://tinyurl.com/nhctwrg): (p.125) "By default, SSL server implementations cache SSL session-specific state data, such as the session ID, the peer certificate, compression method, and crypto specs and secrets."

Hardly golden material. So, in case anyone has any experience with this, I'd love to know:
1. Why is it "entries x1024"? I don't get the sense of this. The default is 20, which, allegedly, means that DP will let the front-end keep 20480 SSL sessions open at any given time?? Really?
2. Is there any way to control the cache? Clear it? View it?
3. Did I get the idea of server-side caching correctly - that it just "allows" the client to keep sessions open? Why is this important? I mean, can't the client just keep the connection going and do GET after GET (or POST)? Why does DP need to be aware of this?
4. Most importantly - does anyone have this working in production and can vouch for its effectiveness/safety?

Maybe after we gather a bit of data on this, I'll make a doc request so that the lit explains a little more about it.

Thanks!
hopsala
Posted: Tue Apr 01, 2014 12:55 pm

bump

This looks like a long and complex question, but really it's quite simple - does anyone have any experience with SSL caching and can tell me what they've found?

cheers!