Start of change

Managing the performance of Secure Sockets Layer support

Transactions using the Secure Sockets Layer (SSL) for Web security will increase in CPU per transaction because of the SSL handshake that occurs when the sockets connection is established. You can optimize SSL performance by:

Keeping the socket open also removes the need to perform a full SSL handshake on the second and any subsequent HTTP request. This is the default action due to HTTP 1.1 persistence.

You should also only use client authentication (SSL(CLIENTAUTH) in the TCPIPSERVICE definition) when you really need your clients to identify themselves with a client certificate. This is because client authentication involves more network interchanges during the SSL handshake, and more internal CICS processing to handle the received certificate. This includes a search of the external security manager's database to locate a user ID to associate with the certificate.

Monitoring the SSL pool

You can use the dispatcher TCB statistics from the DFH0STAT and DFHSTUP utility programs to monitor the S8 TCBs in the SSL pool. The maximum number of TCBs is set by the MAXSSLTCBS system initialization parameter. If you want to improve the performance of SSL, you can use the dispatcher reports to find out if there are a large number of tasks waiting for an S8 TCB. Also look at the number of tasks that have queued. If both fields report a large number, increase the maximum number of S8 TCBs using the CEMT INQ DISPATCHER or CEMT SET DISPATCHER commands. If you have a small number of tasks queued, but a large number of waits, you can decide whether you want to increase the number of S8 TCBs. Increasing the number by one or two could make a difference to the number of waits and reduce the tasks queued, without causing significant overheads in storage.

The maximum number of S8 TCBs that you can set is 1024. However, setting a very large number of S8 TCBs can also impact performance because of the amount of storage used. If CICS runs out of storage, you get a TCB attach failure. This is reported in the dispatcher reports for the S8 TCB mode statistics.

Related tasks
CICS Web support: performance and tuning
Storage requirements for CICS Web support
Priorities for CICS Web support transactions (CWXN, CWXU, CWBA)
Relative performance of CICS Web support response methods
End of change [[ Contents Previous Page | Next Page Index ]]