Enabling session caching, Configuring session cache size, Configuring a session cache timeout – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide


53-1003250-01

Advanced SSL profile configuration


Enabling session caching

Session caching or session reuse is a mode of operation in SSL where multiple SSL connections
can share the same SSL session. A complete SSL handshake is done only for the first connection.
All subsequent connections use the parameters negotiated in the first connection, for as long as
the SSL session is cached.

By default, session caching is turned off on the Brocade Virtual ADX.

The following example enables session caching for the SSL client in the SSL profile "profile1".

Virtual ADX(config)#ssl profile profile1

Virtual ADX(config-ssl-profile-profile1)#session-cache on

Syntax: [no] session-cache { on | off }

The on parameter enables session caching for the SSL client.

The off parameter disables session caching. This is the default state.

NOTE

Please note that SSL session caching will not work with the server source-port-hash command
because that command will redirect traffic (from the same client IP) with different TCP source ports
to different BPs.

Configuring session cache size

You can specify the maximum number of session-cache entries per profile, as shown in the
following example:

Virtual ADX(config-ssl-profile-ssl1)#session-cache max-entries 512

Syntax: [no] session-cache max-entries num-max-entries

The num-max-entries can have a value between 512 and 8192.

The default value is 1024.

Configuring a session cache timeout

By default, SSL sessions are held in the cache for 30 seconds. You can change how long a
session stays in the cache, as shown in the following example.

Virtual ADX(config)#ssl profile profile1

Virtual ADX(config-ssl-profile-profile1)#session-cache-timeout

Syntax: [no] session-cache-timeout timeout-in-seconds

The timeout-in-seconds variable can be set to a value between 20 and 86400 seconds. The default
value is 30 seconds.
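
The following Python script is an added example, not part of the Brocade guide: it audits a saved configuration against the defaults, value ranges and the source-port-hash restriction documented above. It assumes the saved configuration lists commands as typed, with profile sub-commands indented and "!" separators; the sample configuration is constructed.

```python
import re

# Defaults and valid ranges as documented in this section.
DEFAULTS = {"cache": "off", "max_entries": 1024, "timeout": 30}
RANGES = {"max_entries": (512, 8192), "timeout": (20, 86400)}

# Constructed sample. Assumption: sub-commands of "ssl profile" are indented
# and any unindented line (such as "!") ends the profile block.
SAMPLE_CONFIG = """\
server source-port-hash
!
ssl profile profile1
 session-cache on
 session-cache max-entries 256
!
ssl profile ssl1
 session-cache max-entries 512
 session-cache-timeout 90000
!
"""

def audit(config_text):
    """Return (profiles, findings) for the session-cache settings in config_text."""
    profiles, findings, current, port_hash = {}, [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ssl profile (\S+)", line):
            current = profiles.setdefault(m.group(1), dict(DEFAULTS))
        elif raw[:1] not in (" ", "\t"):  # top-level line: leave the profile block
            current = None
            port_hash = port_hash or line == "server source-port-hash"
        elif current is not None:
            if m := re.fullmatch(r"session-cache (on|off)", line):
                current["cache"] = m.group(1)
            elif m := re.fullmatch(r"session-cache max-entries (\d+)", line):
                current["max_entries"] = int(m.group(1))
            elif m := re.fullmatch(r"session-cache-timeout (\d+)", line):
                current["timeout"] = int(m.group(1))
    for name, p in profiles.items():
        for key, (lo, hi) in RANGES.items():
            if not lo <= p[key] <= hi:
                findings.append(f"{name}: {key} {p[key]} outside {lo}-{hi}")
        if p["cache"] == "on" and port_hash:
            findings.append(f"{name}: session-cache on, but server source-port-hash prevents reuse")
        if p["cache"] == "off" and p != DEFAULTS:
            findings.append(f"{name}: cache size/timeout set but session-cache is off")
    return profiles, findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)[1]))
```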

Enabling SSL Version 2

By default, the Brocade Virtual ADX supports SSL version 3. You can enable SSL version 2 as
shown in the following example.

To do this, enter the following command under the SSL profile:
