
How does the proxy handle SSL session IDs in a reverse proxy environment


Article ID: 165936


Products

ProxySG Software - SGOS

Issue/Introduction

When a client opens an SSL connection, the "Client hello" will contain a session ID. Here is how the proxy handles those IDs:


  • The proxy keeps a table of all the open SSL sessions and their IDs. If a client opens a new socket and reuses the same SSL Session ID, the proxy will find that ID in its table and skip the key exchange for that session.
  • SSL Session IDs can be reused for up to an hour, regardless of whether they are active or idling. After 60 minutes, the proxy will (via the Server hello) request a new SSL Session ID.
  • The session timeout is set on the proxy side, not the client side.
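
The following is an added example, not SGOS code: a small Python model of the session table behaviour described in the list above, showing that an ID's age is counted from creation (so reuse does not extend it) and that the limit lives on the proxy side. The names `SessionTable`, `handle_client_hello` and `replay`, the sample timeline, and the choice to treat an entry as expired at exactly 3600 seconds are assumptions made for illustration.

```python
import secrets

SESSION_LIFETIME = 60 * 60  # seconds; the article's 60-minute limit

class SessionTable:
    """Toy model of a proxy-side SSL session ID table (hypothetical, not SGOS code)."""

    def __init__(self, lifetime=SESSION_LIFETIME):
        self.lifetime = lifetime  # configured on the proxy, never by the client
        self._table = {}          # session_id -> (created_at, master_secret)

    def _purge(self, now):
        # Age is measured from creation, so active and idle entries expire alike.
        # Assumption: an entry counts as expired at exactly `lifetime` seconds.
        expired = [sid for sid, (created, _) in self._table.items()
                   if now - created >= self.lifetime]
        for sid in expired:
            del self._table[sid]

    def handle_client_hello(self, offered_id, now):
        """Return (handshake_kind, session_id_sent_in_server_hello)."""
        self._purge(now)
        if offered_id and offered_id in self._table:
            # Known ID: echo it back and skip the key exchange.
            return "abbreviated", offered_id
        # Unknown, expired or empty ID: full key exchange, new ID issued.
        new_id = secrets.token_bytes(32)
        self._table[new_id] = (now, secrets.token_bytes(48))
        return "full", new_id

def replay(events, table=None):
    """Run (time_s, client) events; each client re-offers the last ID it was given."""
    table = table or SessionTable()
    last_id, out = {}, []
    for now, client in events:
        kind, sid = table.handle_client_hello(last_id.get(client), now)
        last_id[client] = sid
        out.append((now, client, kind))
    return out

# Constructed timeline: client A reconnects every 20 minutes, client B idles.
EVENTS = [(0, "A"), (0, "B"), (1200, "A"), (2400, "A"),
          (3599, "B"), (3600, "A"), (3601, "B"), (4800, "A")]

if __name__ == "__main__":
    for now, client, kind in replay(EVENTS):
        print(f"t={now:>5}s client={client} handshake={kind}")
```

Client A stays active throughout yet still performs a full handshake at t=3600, the same as idle client B at t=3601.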