SSLMAXAGE (JANUS DEFINE parameter)

From m204wiki

Revision as of 23:36, 6 December 2011

SSLMAXAGE xxx -- max minutes to maintain SSL session

SSLMAXAGE is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port. See the List of JANUS DEFINE parameters.

This parameter specifies the maximum number of minutes that an SSL session is to be maintained. A Janus port whose definition includes an SSL parameter supports SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encrypted sessions. The discussion of this SSLMAXAGE parameter uses "SSL" to refer to SSL or TLS.

An SSL session is a series of SSL connections that are made using a single "master secret" shared by the SSL client and server. To set up an SSL session, the master secret must be exchanged using computationally expensive public-key/private-key encryption/decryption. SSL sessions are a way of reducing the overhead of SSL by reducing the number of public-key/private-key encryption/decryption operations.

The SSLMAXAGE default is 1440 (24 hours), which is the specified maximum life-span of an SSL V3 or a TLS session. The maximum life-span of an SSL V2 session is 2 minutes, so larger values of SSLMAXAGE are ignored for SSL V2 sessions. Before Version 6.0 of the Sirius Mods, only SSL V2 was supported and the SSLMAXAGE parameter was not available, so an implicit SSLMAXAGE value of 2 was always used.

The 24-hour life-span of SSL V3 and TLS sessions is generally considered "safe", but if even greater security is required, a smaller SSLMAXAGE can be specified. Setting SSLMAXAGE to 0 forces a new session for every request, which forces a public-key/private-key encryption/decryption operation for every connection. This might be useful for benchmarking the overhead associated with the public-key/private-key operations. The JANUS SSLSTAT command can provide useful information in monitoring the efficacy of SSL session caching.
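The trade-off described above can be seen by counting full (public-key) handshakes against resumed connections for different SSLMAXAGE values. The following is an added example, not Janus code: it is a simplified model that assumes a session's age is measured from the moment it was established and that a session whose age has reached the limit is no longer reused. The function names and the connection timeline are constructed for illustration.

```python
SSLMAXAGE_DEFAULT = 1440  # minutes; default stated on this page
SSLV2_MAX_MINUTES = 2     # SSL V2 session life-span stated on this page


def effective_max_age(sslmaxage, protocol):
    """Minutes a session may be reused; larger values are ignored for SSL V2."""
    if protocol == "SSLv2":
        return min(sslmaxage, SSLV2_MAX_MINUTES)
    return sslmaxage


def count_handshakes(connections, sslmaxage=SSLMAXAGE_DEFAULT):
    """Return (full_handshakes, resumed_connections).

    connections: (minute, client, protocol) tuples sorted by minute.
    Assumption of this model: one cached session per (client, protocol).
    """
    established = {}  # (client, protocol) -> minute the session was created
    full = resumed = 0
    for minute, client, protocol in connections:
        key = (client, protocol)
        limit = effective_max_age(sslmaxage, protocol)
        start = established.get(key)
        if start is not None and limit > 0 and minute - start < limit:
            resumed += 1              # master secret reused, no public-key op
        else:
            established[key] = minute  # new session: full public-key exchange
            full += 1
    return full, resumed


# Constructed sample timeline: client A uses TLS, client B uses SSL V2.
TIMELINE = [
    (0, "A", "TLS"), (1, "A", "TLS"), (1, "B", "SSLv2"), (2, "B", "SSLv2"),
    (4, "B", "SSLv2"), (30, "A", "TLS"), (90, "A", "TLS"), (1500, "A", "TLS"),
]

if __name__ == "__main__":
    for age in (SSLMAXAGE_DEFAULT, 60, 0):
        full, resumed = count_handshakes(TIMELINE, age)
        print(f"SSLMAXAGE {age:>4}: {full} full handshakes, {resumed} resumed")
```

With this timeline, lowering SSLMAXAGE from 1440 to 60 adds one full handshake for the TLS client, while the SSL V2 client is unaffected because its sessions are already capped at 2 minutes.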

SSLMAXAGE is valid for SRVSOCK, WEBSERV, OPENSERV and SDS port types.

References

See: List of Janus commands | List of JANUS DEFINE parameters.