You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by su...@apache.org on 2015/02/12 23:06:19 UTC
trafficserver git commit: TS-3080: Documentation for SSL Session
Caching
Repository: trafficserver
Updated Branches:
refs/heads/master 58a0eff5d -> 7492c3a00
TS-3080: Documentation for SSL Session Caching
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/7492c3a0
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/7492c3a0
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/7492c3a0
Branch: refs/heads/master
Commit: 7492c3a00056ec0333f9faff746fbf3270f3c6b4
Parents: 58a0eff
Author: Brian Geffon <br...@apache.org>
Authored: Tue Oct 7 18:49:01 2014 -0700
Committer: Sudheer Vinukonda <su...@yahoo-inc.com>
Committed: Thu Feb 12 22:05:37 2015 +0000
----------------------------------------------------------------------
.../configuration/records.config.en.rst | 40 +++++++++++++++++++-
1 file changed, 38 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/7492c3a0/doc/reference/configuration/records.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/configuration/records.config.en.rst b/doc/reference/configuration/records.config.en.rst
index e65a03c..5df77d5 100644
--- a/doc/reference/configuration/records.config.en.rst
+++ b/doc/reference/configuration/records.config.en.rst
@@ -2206,12 +2206,48 @@ SSL Termination
throughput, and then reset record size back to a single segment
after 1 second of inactivity—lather, rinse, repeat.
+.. ts:cv:: CONFIG proxy.config.ssl.session_cache INT 2
+
+ Enables the SSL Session Cache:
+
+ - ``0`` = Disables the session cache entirely
+
+ - ``1`` = Enables the session cache using OpenSSLs implementation.
+
+ - ``2`` = (default) Enables the session cache using Traffic Server's implementation.
+ This implentation should perform much better than the OpenSSL
+ implementation.
+
+
.. ts:cv:: CONFIG proxy.config.ssl.session_cache.timeout INT 0
This configuration specifies the lifetime of SSL session cache
entries in seconds. If it is ``0``, then the SSL library will use
- a default value, typically 300 seconds.
-
+ a default value, typically 300 seconds. Note: This option has no affect
+ when using the Traffic Server session cache (option ``2`` in
+ ``proxy.config.ssl.session_cache``)
+
+.. ts:cv:: CONFIG proxy.config.ssl.session_cache.size INT 102400
+
+ This configuration specifies the maximum number of entries
+ the SSL session cache may contain.
+
+.. ts:cv:: CONFIG proxy.config.ssl.session_cache.num_buckets INT 1024
+
+ This configuration specifies the number of buckets to use with the
+ Traffic Server SSL session cache implementation. The TS implementation
+ is a fixed size hash map where each bucket is protected by a mutex.
+
+.. ts:cv:: CONFIG proxy.config.ssl.session_cache.skip_cache_on_bucket_contention INT 0
+
+ This configuration specifies the behavior of the Traffic Server SSL session
+ cache implementation during lock contention on each bucket:
+
+ - ``0`` = (default) Don't skip session caching when bucket lock is contented.
+
+ - ``1`` = Don't use the SSL session cache for this connection during lock contention.
+
+
.. ts:cv:: CONFIG proxy.config.ssl.hsts_max_age INT -1
This configuration specifies the max-age value that will be used