Tuning of SSL session caches based on SSL session IDs
First Claim
1. A network device for managing a network communication, comprising:
an input interface for receiving requests and sending responses;
a session cache for storing information for re-establishing an Secured Socket Layer (SSL) session, wherein the session cache comprises at least one cache lookup table; and
a processor arranged to enable actions embodied by at least a portion of instructions stored in a memory, the actions comprising;
receiving an SSL session identifier (ID) within an SSL handshake protocol for establishing with a client device, an SSL connection;
performing a reversible exclusive-or operation on the SSL session ID and a pre-determined ID associated with the network device to generate an ID, wherein the generated ID comprises at least one of a cache line for identifying an entry within a cache lookup table, or a cache ID for identifying the cache lookup table;
determining, based on at least a portion of the generated ID, a failure statistic associated with re-establishing an SSL session for the SSL connection; and
tuning the session cache based on the failure statistic derived from the reversible exclusive-or operation performed on the SSL session ID.
Abstract
Methods, systems, and apparatus are directed towards managing a network communication. A Secured Socket Layer (SSL) session identifier (ID) is received within an SSL handshake protocol message for establishing an SSL connection. The SSL session ID is combined with a pre-determined ID associated with a network device to generate another ID. The other ID may comprise a plurality of information associated with an operation for caching the SSL session ID and/or for caching other information usable in re-establishing an SSL session over the SSL connection. The plurality of information may comprise an expiration time, a cache line, a cache ID, and a unique ID. Based on at least a portion of the other ID, a failure statistic associated with re-establishing the SSL session for the SSL connection is determined. A session cache and/or the operation for caching are tuned based on the failure statistic.
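The scheme in the abstract, as an added Python example that is not code from the patent or from any product: cache fields are XORed with a device ID to form the session ID, and a failed resumption is explained by reversing the XOR. The 16-byte field layout, the device ID value, the outcome names and the tuning policy are all assumptions made for illustration.

```python
import struct
from collections import Counter

# Assumed 16-byte layout (not specified on the page):
# 4-byte expiration time, 2-byte cache line, 1-byte cache ID, 9-byte unique ID.
LAYOUT = ">IHB9s"
DEVICE_ID = bytes.fromhex("a5" * 16)   # constructed pre-determined device ID
MAX_LIFETIME = 3600                    # assumed cap on session lifetime, seconds

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def issue_session_id(expiry, line, cache_id, unique):
    """Pack the cache fields and XOR them with the device ID."""
    return xor(struct.pack(LAYOUT, expiry, line, cache_id, unique), DEVICE_ID)

def recover_fields(session_id):
    """XOR is its own inverse, so the same device ID recovers the fields."""
    return struct.unpack(LAYOUT, xor(session_id, DEVICE_ID))

def classify(session_id, tables, now):
    """Explain a resumption attempt using only the ID and the lookup tables."""
    if len(session_id) != struct.calcsize(LAYOUT):
        return "malformed"
    expiry, line, cache_id, _unique = recover_fields(session_id)
    table = tables.get(cache_id)
    # The ID is client-supplied: bounds-check every decoded field before use.
    if table is None or line >= len(table):
        return "foreign"
    if expiry <= now:
        return "expired"
    return "hit" if table[line] == session_id else "evicted"

def tune(stats, table_size, lifetime):
    """Hypothetical policy: grow the table on evictions, the lifetime on expiries."""
    evicted, expired = stats["evicted"], stats["expired"]
    if evicted == expired == 0:
        return table_size, lifetime
    if evicted > expired:
        return table_size * 2, lifetime
    return table_size, min(lifetime * 2, MAX_LIFETIME)
```

XOR with a fixed device ID gives no integrity protection, so only the "evicted" and "expired" counts feed the tuning step here; "foreign" and "malformed" IDs are counted but never change the cache parameters.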
44 Citations
17 Claims
1. A network device for managing a network communication (recited in full under First Claim above).
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for managing a network communication, comprising:
a session cache for storing at least a plurality of Secured Socket Layer (SSL) session identifiers (IDs), wherein the session cache comprises at least one cache lookup table; and
a network device interposed between a client and at least one server, wherein the network device is configured to perform actions comprising;
receiving an SSL session ID within an SSL handshake protocol for establishing an SSL connection with the client, wherein data sent over the SSL connection is configured to be forwarded from the client to the at least one server;
performing a reversible exclusive-or operation on the SSL session ID and a pre-determined ID associated with the network device to generate an ID, wherein the generated ID comprises a plurality of information associated with an operation of the session cache;
determining, based on at least a portion of the generated ID, a failure statistic associated with re-establishing an SSL session for the SSL connection; and
tuning the session cache based on the failure statistic derived from the reversible exclusive-or operation performed on the SSL session ID.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory machine-readable storage medium having machine-executable instructions stored thereon, which when executed by at least one processor, causes the at least one processor to perform one or more actions, comprising:
receiving an SSL session identifier (ID) within an Secured Socket Layer (SSL) handshake protocol message for establishing an SSL connection;
performing a reversible exclusive-or operation on the SSL session ID and a known value to generate an ID, wherein the generated ID comprises a plurality of information associated with an operation for caching the SSL session ID;
determining, based on at least a portion of the generated ID, a failure statistic associated with re-establishing an SSL session for the SSL connection; and
tuning the operation for caching based on the failure statistic derived from the reversible exclusive-or operation performed on the SSL session ID.
Dependent claims: 16, 17
Specification