Chapter 4
Configuring SSL Termination
OL-5655-01
For example, to identify an SSL module in slot 3 of the CSS chassis, enter:
(config-service[ssl_serv1])# slot 3

Disabling Keepalive Messages for the SSL Module
The SSL module is an integrated device within the CSS chassis and, therefore, does
not require the use of keepalive messages for the service. Use the keepalive type none
command to instruct the CSS not to send keepalive messages to a service. For details
on specifying a keepalive type, refer to the Cisco Content Services Switch Content
Load-Balancing Configuration Guide.
To disable sending keepalive messages for an SSL service, enter:
(config-service[ssl_serv1])# keepalive type none

Specifying the SSL Session ID Cache Size
The cache size is the maximum number of SSL session IDs that can be stored in a
dedicated session cache on an SSL module. By default, the SSL session cache can
hold 10000 sessions. If necessary for your SSL service, you can increase the SSL
session cache size to 100000. Use the session-cache-size command to reconfigure the
size of the SSL session ID cache for a service. Valid entries are 0 (SSL session cache
disabled) to 100000 sessions.
Note
To ensure that the SSL session ID is reused, Cisco Systems does not recommend
specifying a zero value for the session-cache-size command.
Specifying an SSL session cache and cache timeout allows the reuse of the master
key on subsequent connections between the client and the CSS SSL module,
which can speed up the SSL negotiation process and improve CSS performance.
The back-end session ID cache is 4096 entries and is not configurable.
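
The following Python script is an added example, not part of the Cisco guide or Cisco's code. It audits a saved list of service-mode commands for the keepalive and session-cache-size settings described above. The "service <name>" grouping, the sample configuration and the function name audit are assumptions made for illustration; the default and the valid range are the ones stated in this section.

```python
import re

DEFAULT_CACHE, MAX_CACHE = 10000, 100000  # default and upper limit stated in the text

# Constructed sample. Assumed layout: each SSL service starts with a
# "service <name>" line followed by its service-mode commands.
SAMPLE = """\
service ssl_serv1
  slot 3
  keepalive type none
  session-cache-size 20000
service ssl_serv2
  slot 3
  session-cache-size 0
service ssl_serv3
  slot 5
  keepalive type none
  session-cache-size 250000
"""

def audit(config):
    """Return {service name: [findings]} for the two settings covered here."""
    services, name = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        start = re.fullmatch(r"service\s+(\S+)", line)
        if start:
            name = start.group(1)
            # A service with no explicit cache size uses the documented default.
            services[name] = {"keepalive": None, "cache": str(DEFAULT_CACHE)}
        elif name and line.startswith("keepalive type "):
            services[name]["keepalive"] = line.split()[2]
        elif name and line.startswith("session-cache-size "):
            services[name]["cache"] = line.split()[1]
    report = {}
    for name, s in services.items():
        findings = []
        if s["keepalive"] != "none":
            findings.append("keepalive type none not set")
        if not s["cache"].isdigit() or int(s["cache"]) > MAX_CACHE:
            findings.append(f"session-cache-size {s['cache']} outside 0-{MAX_CACHE}")
        elif int(s["cache"]) == 0:
            findings.append("session cache disabled: SSL session IDs are not reused")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

The input is assumed to contain only SSL services, so every service is expected to carry keepalive type none.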
Configuring a Service for SSL Termination
Cisco Content Services Switch SSL Configuration Guide