ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
How does the proxy handle SSL session IDs in a reverse proxy environment
Article ID: 165936
ProxySG Software - SGOS
When a client opens an SSL connection, the "Client hello" will contain a session ID. Here is how the proxy handles those IDs :
The proxy keeps a table of all the open SSL sessions and their IDs. If a client opens a new socket and reuses the same SSL Session ID, the proxy will find that ID in it's table and skip the key exchange for that session.
SSL Session IDs can be reused for up to an hour regardless if they are active or idling. After 60 minutes, the proxy will (via the Server hello) request a new SSL Session ID
The session timeone is set on the proxy side, not the client side.