SSLMAXAGE (JANUS DEFINE parameter): Difference between revisions

From m204wiki
Jump to navigation Jump to search
mNo edit summary
m (remove displaytitle)
 
(7 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{DISPLAYTITLE:SSLMAXAGE}}
<span class="pageSubtitle">SSLMAXAGE xxx &mdash; Max minutes to maintain SSL session</span>
<span class="pageSubtitle"><section begin="desc" />SSLMAXAGE xxx -- max minutes to maintain SSL session<section end="desc" /></span>


<var>SSLMAXAGE</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. See the [[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]].
<var>SSLMAXAGE</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port.  


This parameter specifies the maximum number of minutes that an SSL session is to be maintained. A Janus port whose definition includes an [[SSL]] parameter supports SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypted sessions. The discussion of this <var>SSLMAXAGE</var> parameter uses "SSL" to refer to SSL or TLS.  
This parameter specifies the maximum number of minutes that an SSL session is to be maintained. A Janus port whose definition includes an [[SSL]] parameter supports SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypted sessions. The discussion of this <var>SSLMAXAGE</var> parameter uses "SSL" to refer to SSL or TLS.  
Line 10: Line 9:
The <var>SSLMAXAGE</var> default is 1440 (24 hours), which is the specified maximum life-span of an SSL V3 or a TLS session. The maximum life-span of an SSL V2 session is 2 minutes, so larger values of <var>SSLMAXAGE</var> are ignored for SSL V2 sessions.  
The <var>SSLMAXAGE</var> default is 1440 (24 hours), which is the specified maximum life-span of an SSL V3 or a TLS session. The maximum life-span of an SSL V2 session is 2 minutes, so larger values of <var>SSLMAXAGE</var> are ignored for SSL V2 sessions.  


The 24-hour life-span of SSL V3 and TLS sessions is generally considered "safe", but if even greater security is required, a smaller <var>SSLMAXAGE</var> can be specified. Setting <var>SSLMAXAGE</var> to 0 forces a new session for every request, which forces a public-key/private-key encryption/decryption operation for every connection. This might be useful for benchmarking the overhead associated with the public-key/private-key operations. The <var>[[JANUS SSLSTAT]]</var> command can provide useful information in monitoring the efficacy of SSL session caching.  
The 24-hour life-span of SSL V3 and TLS sessions is generally considered "safe", but if even greater security is required, a smaller <var>SSLMAXAGE</var> can be specified. Setting <var>SSLMAXAGE</var> to 0 forces a new session for every request, which forces a public-key/private-key encryption/decryption operation for every connection. This might be useful for benchmarking the overhead associated with the public-key/private-key operations. The <var>[[JANUS SSLSTAT or SSLSTATUS|JANUS SSLSTAT]]</var> command can provide useful information in monitoring the efficacy of SSL session caching.  


<var>SSLMAXAGE</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|WEBSERV]]</var>, OPENSERV and <var>[[JANUS DEFINE#type|SDS]]</var> port types.
<var>SSLMAXAGE</var> is valid for <var>[[JANUS DEFINE#type|SRVSOCK]]</var>, <var>[[JANUS DEFINE#type|WEBSERV]]</var>, <var>[[JANUS DEFINE#type|OPENSERV]]</var>, and <var>[[JANUS DEFINE#type|SDS]]</var> port types.


==See also==
==See also==

Latest revision as of 23:58, 7 June 2016

SSLMAXAGE xxx — Max minutes to maintain SSL session

SSLMAXAGE is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.

This parameter specifies the maximum number of minutes that an SSL session is to be maintained. A Janus port whose definition includes an SSL parameter supports SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypted sessions. The discussion of this SSLMAXAGE parameter uses "SSL" to refer to SSL or TLS.

An SSL session is a series of SSL connections that are made using a single "master secret" shared by the SSL client and server. To set up an SSL session, the master secret must be exchanged using computationally expensive public-key/private-key encryption/decryption. SSL sessions are a way of reducing the overhead of SSL by reducing the number of public-key/private-key encryption/decryption operations.

The SSLMAXAGE default is 1440 (24 hours), which is the specified maximum life-span of an SSL V3 or a TLS session. The maximum life-span of an SSL V2 session is 2 minutes, so larger values of SSLMAXAGE are ignored for SSL V2 sessions.

The 24-hour life-span of SSL V3 and TLS sessions is generally considered "safe", but if even greater security is required, a smaller SSLMAXAGE can be specified. Setting SSLMAXAGE to 0 forces a new session for every request, which forces a public-key/private-key encryption/decryption operation for every connection. This might be useful for benchmarking the overhead associated with the public-key/private-key operations. The JANUS SSLSTAT command can provide useful information in monitoring the efficacy of SSL session caching.

SSLMAXAGE is valid for SRVSOCK, WEBSERV, OPENSERV, and SDS port types.

See also