SSLMAXAGE (JANUS DEFINE parameter)

From m204wiki
Jump to navigation Jump to search

SSLMAXAGE xxx — Max minutes to maintain SSL session

SSLMAXAGE is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

This parameter specifies the maximum number of minutes that an SSL session is to be maintained. A Janus port whose definition includes an SSL parameter supports SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypted sessions. The discussion of this SSLMAXAGE parameter uses "SSL" to refer to SSL or TLS.

An SSL session is a series of SSL connections that are made using a single "master secret" shared by the SSL client and server. To set up an SSL session, the master secret must be exchanged using computationally expensive public-key/private-key encryption/decryption. SSL sessions are a way of reducing the overhead of SSL by reducing the number of public-key/private-key encryption/decryption operations.

The SSLMAXAGE default is 1440 (24 hours), which is the specified maximum life-span of an SSL V3 or a TLS session. The maximum life-span of an SSL V2 session is 2 minutes, so larger values of SSLMAXAGE are ignored for SSL V2 sessions.

The 24-hour life-span of SSL V3 and TLS sessions is generally considered "safe", but if even greater security is required, a smaller SSLMAXAGE can be specified. Setting SSLMAXAGE to 0 forces a new session for every request, which forces a public-key/private-key encryption/decryption operation for every connection. This might be useful for benchmarking the overhead associated with the public-key/private-key operations. The JANUS SSLSTAT command can provide useful information in monitoring the efficacy of SSL session caching.

SSLMAXAGE is valid for SRVSOCK, WEBSERV, OPENSERV, and SDS port types.

See also