How does the proxy handle SSL session IDs in a reverse proxy environment
searchcancel
How does the proxy handle SSL session IDs in a reverse proxy environment
book
Article ID: 165936
calendar_today
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
When a client opens an SSL connection, the "Client hello" will contain a session ID. Here is how the proxy handles those IDs :
The proxy keeps a table of all the open SSL sessions and their IDs. If a client opens a new socket and reuses the same SSL Session ID, the proxy will find that ID in it's table and skip the key exchange for that session.
SSL Session IDs can be reused for up to an hour regardless if they are active or idling. After 60 minutes, the proxy will (via the Server hello) request a new SSL Session ID
The session timeone is set on the proxy side, not the client side.