IBM HTTP Server caches secure sockets layer (SSL) session IDs when
Web clients establish secure connections with the Web server. Cached session
IDs enable subsequent SSL session requests to use a shortened SSL handshake
during session establishment. Session ID caching is enabled by default on
all supported platforms.
The session ID cache is implemented
as a daemon process named sidd. You will see this process running when
IBM HTTP Server is started with SSL enabled.
In most cases, you will not need to take an additional
configuration steps to effectively use SSL session ID caching in IBM HTTP
Server.
![[z/OS]](../../ngzos.gif)
It is recommended that you disable IBM
HTTP Server session ID caching (
sidd). The z/OS System SSL provides
an equivalent function that can perform better with some additional configuration.
- Disable the IBM HTTP Server sidd with the SSLCacheDisable directive
and remove any existing SSLCacheEnable directives in httpd.conf.
- Enable "SSL Started Task" for z/OS System SSL. For more information
on the following setup instructions, refer to the section "SSL Started Task"
in z/OS Cryptographic Services System Secure Sockets Layer (SSL) Programming (SC24-5901),
which you can link to from the z/OS Internet Library:
- Set the following environment variables in bin/envars:
- GSK_V3_SIDCACHE_SIZE=2048
- GSK_V2_SIDCACHE_SIZE=2048
- GSK_SYSPLEX_SIDCACHE=ON
- export GSK_V3_SIDCACHE_SIZE GSK_V2_SIDCACHE_SIZE GSK_SYSPLEX_SIDCACHE
- Configure the limits in the started task by editing /etc/gskssl/server/envar.
- GSK_LOCAL_THREADS
- GSK_SIDCACHE_SIZE