RNUG Lotus User Group (www.vlaad.lv)

    notes.ini parameter SSL_Resumable_Sessions=0 significantly improves performance for HTTPS requests

    Vladislavs Tatarincevs  21 November 2008 13:41:31
    Hello, Now I am preparing to Security Exam for Lotus Certified Security Specialist,
    I going thought several redbooks, and help documentation.

    I found SSL_Resumable_Sessions parameter in the HELP, which if set to 0, improves performance of the web site.

    There are ~300 users on the server, where I tested this parameter,


    I used YSLOW tool, a plugin for FireFox, which allows to measure time when page completely received, it is totaly different to page GENERATION time of web server.

    you can find this plugin here, it is totaly free to use http://developer.yahoo.com/yslow/
    Image:notes.ini parameter SSL_Resumable_Sessions=0  significantly improves performance for HTTPS requests


    I tested Domino 8 iNotes with SSL_RESUMABLE_SESSIONS Default =50 value and value set to 0.
    if you put this parameter in configuration document, server will catch it after some time, so there is no need for HTTP restart.

    just check it with "SHOW CONFIGURATION SSL_RESUMABLE_SESSIONS" command.

    I found that setting this value to 0, greatly improves performance.

    Tests were done during the same load, and several times, in all cases setting value to 0 gave performance boost.

    Here is a link, to a very good book, how to improve WEB performance,not only in Lotus Notes/Domino, but also in others WEB sites. http://stevesouders.com/hpws/rules.php

    I think that I will use this parameter on all my customer sites, as tests show that performance is improved.




    Image:notes.ini parameter SSL_Resumable_Sessions=0  significantly improves performance for HTTPS requests



    FROM NOTES HELP
    SSL session resumption greatly improves performance when using SSL by recalling information from a previous successful SSL session negotiation to bypass the most computationally intensive parts of the SSL session key negotiation. HTTP is the protocol that benefits the most from SSL session resumption, but other Internet protocols may benefit as well.

    By default, the server caches information from the 50 most recently negotiated sessions. This number can be modified by setting the variable SSL_RESUMABLE_SESSIONS in the NOTES.INI file.  Increasing that number may improve performance on servers that tend to carry large numbers of concurrent SSL sessions.

    SSL session resumption can be disabled by setting SSL_RESUMABLE_SESSIONS=1 on the server.

    SSL_RESUMABLE_SESSIONS has no effect on the IBM® Lotus® Notes® client. The client will cache the most recent SSL session.

    Note  You cannot configure SSL sessions to time out and expire.

    Comments

    1Chris Mobley  21/11/2008 12:02:16  notes.ini parameter SSL_Resumable_Sessions=0 significantly improves performance for HTTPS requests

    I'm confused. You say reducing this parameter to 0 improves performance. Yet the Notes Help says that INCREASING the parameter improves performance. What am I missing?

    Does setting it to 0 make it unlimited?

    2Vladislav Tatarincev  21/11/2008 12:11:29  notes.ini parameter SSL_Resumable_Sessions=0 significantly improves performance for HTTPS requests

    Yes, Setting to 0 make it ulimited.


    Discussion for this entry is now closed.

    Archives