Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

SSL_Resumable_Sessions=0 does not give better performance

Daniel Nashed  6 October 2010 09:53:24

I am currently looking into performance optimization for a larger iNotes environment.
They are currently planning to use native SSL but might offload SSL to a network component hopefully.
Most customers offload SSL to dedicated appliances but for example if you are running HTTPS on your Traveler server this might be also helpful for you because the devices keep sessions open for a longer time.

There is a setting to tune to maximum presumable sessions for SSL.

notes.ini ssl_resumable_sessions=n

By default Domino uses 50 presumable session entries. I found references on multiple websites and presentations that setting the parameter to zero gives you unlimited numbers of presumable sessions.
Researching the parameter it turned out that ssl_resumable_sessions=0 means the default value of 50 is used.
In addition it is important to note that you need a restart to change the parameter.
If you set it thru the config document or via set config the parameter is present but the notes.ini parameter is only read during startup because internally it is a static setting.

Session resumption is build as a "ring" of entries (basically an array with start and end point) with fixed memory allocation for the entries.
There is not much storage needed for each entry but you should not set the parameter too high because it is a circularly linked list.
Increasing the size will increase the time needed to find any given session by O(N) on the other side this reduces the number of full SSL handshakes and will give you CPU reduction in case you have more than the 50 active sessions.

So you should not increase it to a very high limit. It should not be set to more than the number of active users (which is not an easy number to figure out in most cases).
In case of a Traveler server it is quite easy to measure. But for standard Web operations there is no easy way to find the number of concurrent users from the stats that I am aware of.

-- Daniel




Comments

1Erik Brooks  06.10.2010 16:31:38  SSL_Resumable_Sessions=0 does not give better performance

Cool. We were looking at adding this, this information is very helpful.

2Daniel Silva  15.07.2015 15:26:00  SSL_Resumable_Sessions=0 does not give better performance

hi Daniel,

What did you see as a good ballpark for this?

Thanks!

Dan


  • [IBM Lotus Domino]
  • [Domino on Linux]
  • [Nash!Com]
  • [Daniel Nashed]