IBM® HTTP
Server caches secure sockets layer (SSL) session IDs when Web clients establish
secure connections with the Web server. Cached session IDs enable subsequent
SSL session requests to use a shortened SSL handshake during session establishment.
Session ID caching is enabled by default on all supported platforms.
The session ID cache is implemented
as a daemon process named sidd. You will see this process running when IBM HTTP
Server is started with SSL enabled.
In most cases, you will not need to take an additional
configuration steps to effectively use SSL session ID caching in IBM HTTP Server.
![[z/OS]](../../ngzos.gif)
It is recommended that you disable IBM HTTP Server session ID caching (
sidd).
The z/OS
® System
SSL provides an equivalent function that can perform better with some additional
configuration.
- Disable the IBM HTTP
Server sidd with the SSLCacheDisable directive and remove any existing
SSLCacheEnable directives in httpd.conf.
- Enable "SSL Started Task" for z/OS System SSL. For more information on
the following setup instructions, refer to the section "SSL Started Task"
in z/OS Cryptographic
Services System Secure Sockets Layer (SSL) Programming (SC24-5901), which
you can link to from the z/OS Internet Library:
- Set the following environment variables in bin/envars:
- GSK_V3_SIDCACHE_SIZE=2048
- GSK_V2_SIDCACHE_SIZE=2048
- GSK_SYSPLEX_SIDCACHE=ON
- export GSK_V3_SIDCACHE_SIZE GSK_V2_SIDCACHE_SIZE GSK_SYSPLEX_SIDCACHE
- Configure the limits in the started task by editing /etc/gskssl/server/envar.
- GSK_LOCAL_THREADS
- GSK_SIDCACHE_SIZE