z/OS Cryptographic Services System SSL Programming


Session ID (SID)

SC14-7495-00

SID caching for the client is done internally within the client's address space, and each SSL environment has its own cache. The server can either cache within its address space per SSL environment or externally through the GSKSRVR for SYSPLEX caching. SYSPLEX caching allows session information to be shared among like servers or processes. See SSL started task for more information about Sysplex caching.

Modifying SSL session caching parameters can help tune the security and performance characteristics of SSL-enabled servers and clients. The contents of the internal client and server caches are controlled by two settings: the expiration lifetime of an SSL session ID entry and the number of entries that can reside concurrently in the cache. Separate caches exist for SSL V2 and SSL V3 (TLS) sessions. The internal SSL SID cache is fixed to a configurable number of entries defined when the SSL environment is being established.

By default, the SSL V2 cache size is 256 entries and can be modified through the GSK_V2_SIDCACHE_SIZE environment attribute. The default expiration (or timeout) is 100 seconds and can be modified through the GSK_V2_SESSION_TIMEOUT environment attribute. By default, the SSL V3 (TLS) cache size is 512 entries and can be modified through the GSK_V3_SIDCACHE_SIZE environment attribute. The default expiration (or timeout) is 24 hours and can be modified through the GSK_V3_SESSION_TIMEOUT environment attribute.

There is no way to remove or to reuse entries for other connections except for repeated connections between the same client/server pair.

Each time a full handshake is performed and caching is active (cache size != 0), a SID cache entry is created and added to the cache. During the add process, detected expired SID entries are removed. If the cache reaches its size limit, an entry is removed from the cache and the newly created SID entry is added.
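The following added example is a toy model of the cache behavior described above, for reasoning about how cache size and timeout affect how many connections fall back to a full handshake. It is not System SSL code and calls no System SSL API. The names `cache_add`, `cache_lookup` and `simulate`, the round-robin client pattern, and the oldest-entry eviction choice are assumptions, because the page does not say which entry is removed when the cache is full.

```c
#include <string.h>

/* Toy model of one internal SID cache; this is not System SSL code.
 * Assumption: a full cache evicts its oldest entry (the page does not say
 * which entry is removed). Times are in seconds. */
#define MAX_ENTRIES 512   /* page default for GSK_V3_SIDCACHE_SIZE */
typedef struct { unsigned id; long created; int used; } sid_entry;
typedef struct { sid_entry e[MAX_ENTRIES]; int size; long timeout; } sid_cache;

/* Full handshake: drop expired entries, then add; evict the oldest if full. */
void cache_add(sid_cache *c, unsigned id, long now) {
    int slot = -1, oldest = -1;
    if (c->size == 0) return;                 /* cache size 0: caching off */
    for (int i = 0; i < c->size; i++) {
        if (c->e[i].used && now - c->e[i].created >= c->timeout)
            c->e[i].used = 0;                 /* expired: removed during add */
        if (!c->e[i].used) { if (slot < 0) slot = i; }
        else if (oldest < 0 || c->e[i].created < c->e[oldest].created)
            oldest = i;
    }
    if (slot < 0) slot = oldest;              /* size limit reached */
    c->e[slot] = (sid_entry){ id, now, 1 };
}

/* Resumption attempt: 1 if the SID is cached and unexpired. */
int cache_lookup(const sid_cache *c, unsigned id, long now) {
    for (int i = 0; i < c->size; i++)
        if (c->e[i].used && c->e[i].id == id)
            return now - c->e[i].created < c->timeout;
    return 0;
}

/* `clients` peers (must be > 0) connect round-robin, one connection per
 * second. Returns how many connections resumed a cached session. */
int simulate(int size, long timeout, int clients, int connections) {
    static sid_cache c;
    int resumed = 0;
    memset(&c, 0, sizeof c);
    c.size = size > MAX_ENTRIES ? MAX_ENTRIES : size;
    c.timeout = timeout;
    for (int n = 0; n < connections; n++) {
        unsigned id = (unsigned)(n % clients) + 1;
        if (cache_lookup(&c, id, n)) resumed++;
        else cache_add(&c, id, n);            /* miss: full handshake */
    }
    return resumed;
}
```

Under these assumptions, `simulate(512, 86400, 512, 2048)` resumes every connection after the first round, while `simulate(512, 86400, 513, 2052)` resumes none: one peer more than the cache holds turns every connection into a full handshake.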

Copyright IBM Corporation 1990, 2014