Session cache operation, Diagnostic messages, Session cache operation diagnostic messages – Zilog EZ80F91AZA User Manual

UM020107-1211

SSL Configuration

ZTP Network Security SSL Plug-In

User Manual

53

expire too fast, then extra public key operations must be performed, resulting in slow session
establishment times. The default configuration specifies that an idle entry in the session cache
will expire in five minutes.

Session Cache Operation

When a new session is established, the SSL protocol layers adds a new entry to the session
cache and sets the entry’s expiry timer to

SSL_CACHE_TIMEOUT

. As more sessions are

established, additional entries in the cache are used. If the cache is full (i.e., it contains

SSL_MAX_SESSION_ENTRIES

) and a new session is established, the recently used entry

will be evicted from the cache.

Each time the SSL protocol layers search the cache for a specific entry and that entry is
found, its time out value is reset to

SSL_CACHE_TIMEOUT

. While searching the session

cache, the SSL protocol layer will evict expired entries.

Diagnostic Messages

The ZTP Network Security SSL Plug-In is capable of generating a considerable amount of
diagnostic information. This information is displayed on the console device when the
handshake protocols execute. To control the amount of diagnostic messages displayed, the
value of the

SSL_DEBUG_LEVEL

configuration variable can be modified; this variable is

defined in the

ssl_conf.c

configuration file. The default configuration is shown in the

following code fragment.

SSL_BYTE SSL_Debug_level = SSL_DEBUG_ERROR;

This variable can be set to any one of the four values listed in Table 7.

Table 7. Diagnostic Message Control

SSL_DEBUG_LEVEL Setting

Description

SSL_DEBUG_NONE

Suppress all diagnostics messages

SSL_DEBUG_ERROR

Display only Error messages

SSL_DEBUG_WARNING

Display only Error and Warning messages

SSL_DEBUG_INFO

Display all diagnostics messages