
SSL session ID workflow – Brocade Virtual ADX Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual


53-1003247-01

Setting up SSL session ID switching


SSL session ID workflow

Figure 33 illustrates how the initial SSLHP messages exchanged between a client and server, client_hello and server_hello, establish an SSL Session ID.

FIGURE 33 How the SSL Handshake Protocol Establishes a Session ID

If the value in the session_id field that the client sends to the server is non-zero, the Brocade
Virtual ADX can connect the client to the server that originally sent the Session ID value.

Figure 34 illustrates how this function, called SSL Session ID switching, works.
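The forwarding decision described above, as an added sketch that is not Brocade's implementation: it reads the cleartext session_id from a hello record, binds it to the server that issued it, and sends a returning client back to that server. The names `hello_session_id`, `SessionIdSwitch`, `build_hello`, `rs1` and `rs2` are hypothetical, "non-zero" is taken to mean a non-empty session_id, and round-robin for new sessions is an assumption.

```python
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 1, 2

def hello_session_id(record: bytes):
    """Return (handshake_type, session_id) from a cleartext hello record, else None."""
    if len(record) < 5 + 4 + 2 + 32 + 1 or record[0] != HANDSHAKE:
        return None                      # not an SSL v3.0+ handshake record
    if record[1] != 3:                   # major version 3 = SSL v3.0 and later
        return None
    hs_type = record[5]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    # Skip record header (5), handshake header (4), version (2), random (32).
    off = 5 + 4 + 2 + 32
    sid_len = record[off]
    if sid_len > 32 or len(record) < off + 1 + sid_len:
        return None                      # malformed or truncated: never read past the buffer
    return hs_type, record[off + 1: off + 1 + sid_len]

class SessionIdSwitch:
    def __init__(self, servers):
        self.servers, self.bindings, self._next = list(servers), {}, 0

    def learn(self, server, server_hello: bytes):
        """Bind the session ID in a server_hello to the server that sent it."""
        parsed = hello_session_id(server_hello)
        if parsed and parsed[0] == SERVER_HELLO and parsed[1]:
            self.bindings[parsed[1]] = server

    def select(self, client_hello: bytes):
        """Known non-empty session ID: original server. Otherwise: next server in turn."""
        parsed = hello_session_id(client_hello)
        if parsed and parsed[0] == CLIENT_HELLO and parsed[1] in self.bindings:
            return self.bindings[parsed[1]]
        server = self.servers[self._next % len(self.servers)]
        self._next += 1
        return server

def build_hello(hs_type: int, session_id: bytes) -> bytes:
    """Constructed sample record: fields up to session_id, then three filler bytes."""
    body = b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id + b"\x00\x2f\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE]) + b"\x03\x01" + len(hs).to_bytes(2, "big") + hs
```
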

NOTE

SSL Session ID switching is supported for SSL v3.0 and higher only. In SSL versions prior to 3.0, the
session ID was established later in the handshaking process, after the client and server had started
exchanging encrypted data. If the session ID is encrypted, the Brocade Virtual ADX cannot make
forwarding decisions based on this information.

If the client source IP address changes, session persistence based on SSL Session ID does not
work, because Session ID information is not copied across Application Processors. If the source IP
changes, the session may be processed by a different Application Processor. The only exception is
the SI-1008-1 model, which has a single Application Processor.