Product Documentation

Configuring Session Reuse

Aug 20, 2013

For SSL transactions, establishing the initial SSL handshake requires CPU-intensive public key encryption operations. Most handshake operations are associated with the exchange of the SSL session key (client key exchange message). When a client session is idle for some time and is then resumed, the SSL handshake is typically conducted all over again. With session reuse enabled, session key exchange is avoided for session resumption requests received from the client.

Session reuse is enabled on the NetScaler appliance by default. Enabling this feature reduces server load, improves response time, and increases the number of SSL transactions per second (TPS) that can be supported by the server.

To configure session reuse by using the command line interface

At the command prompt, type the following commands to configure session reuse and verify the configuration:

  • set ssl vserver <vServerName> -sessReuse ( ENABLED | DISABLED ) -sessTimeout <positive_integer>
  • show ssl vserver <vServerName>


> set ssl vserver vs-ssl -sessreuse enabled -sesstimeout 600 
> show ssl vserver vs-ssl 
        Advanced SSL configuration for VServer vs-ssl: 
        DH: DISABLED 
        Ephemeral RSA: ENABLED          Refresh Count: 1000 
        Session Reuse: ENABLED          Timeout: 600 seconds 
        Cipher Redirect: DISABLED 
        SSLv2 Redirect: DISABLED 
        ClearText Port: 0 
        Client Auth: DISABLED 
        SSL Redirect: DISABLED 
        Non FIPS Ciphers: DISABLED 
1)      CertKey Name: Auth-Cert-1       Server Certificate 
1)      Cipher Name: DEFAULT 
        Description: Predefined Cipher Alias 

To configure session reuse by using the configuration utility

  1. Navigate to Traffic Management > Load Balancing > Virtual Servers, and open a virtual server.
  2. In the SSL Parameters section, select Enable Session Reuse, and specify a time for which to keep the session active.