When a client opens an SSL connection, the "Client hello" will contain a session ID. Here is how the proxy handles those IDs :
- The proxy keeps a table of all the open SSL sessions and their IDs. If a client opens a new socket and reuses the same SSL Session ID, the proxy will find that ID in it's table and skip the key exchange for that session.
- SSL Session IDs can be reused for up to an hour regardless if they are active or idling. After 60 minutes, the proxy will (via the Server hello) request a new SSL Session ID
- The session timeone is set on the proxy side, not the client side.