z/OS Cryptographic Services System SSL Programming


Session ID (SID) cache

z/OS Cryptographic Services System SSL Programming
SC14-7495-00

The SSL protocol has a built-in mechanism that allows faster secure connections between a client/server pair: the SSL session. The first time a client and server connect, the cryptographic characteristics of that connection are saved in a session cache entry. A session is identified by a Session ID (SID). The cached cryptographic components (the SID cache entry) allow new bulk encryption keys to be generated in subsequent SSL handshakes between the same client/server pair. Those subsequent handshakes are abbreviated, because much of the data used to generate keys is already in the SID cache entry, and the abbreviated handshake does not require public key encryption to take place.

Public key encryption is very time consuming, so avoiding it improves performance for clients and servers using SSL. A SID cache entry exists for a limited time; take care when specifying how long an SSL session is allowed to live. Setting the SID cache timeout or the number of SID cache entries to ZERO turns off SID caching, causing a full handshake to be completed for every connection.

Applications need to be sensitive to both security and performance issues. Security-conscious applications should keep the session timeout values very low, so that keys are generated frequently and any cached session material is usable for only a short time. Applications that are more performance-conscious than security-conscious can use longer session timeouts and a larger cache size.
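The following is an added illustration, not z/OS System SSL code and not part of this IBM publication. It models the cache behaviour described above: a full handshake stores key-derivation material under a new SID, a later handshake that presents a known, unexpired SID is abbreviated and derives a fresh bulk key without any public-key operation, entries expire after the timeout, the oldest entry is evicted when the cache is full, and a timeout of zero or a size of zero disables caching so that every connection performs a full handshake. All class, function and field names (`SidCache`, `handshake`, `master_secret`) are assumptions of this model; the secrets and nonces are constructed with `secrets` and stand in for real handshake material.

```python
"""Toy model of an SSL Session ID (SID) cache (constructed example, not System SSL)."""
from collections import OrderedDict
from dataclasses import dataclass
import hashlib
import secrets


@dataclass
class SidEntry:
    """What a full handshake leaves behind for later abbreviated handshakes."""
    master_secret: bytes   # constructed stand-in for the cached key-derivation material
    created_at: float      # time the entry was created, in seconds


class SidCache:
    """Bounded, time-limited map from SID to cached session material."""

    def __init__(self, timeout_seconds: int, max_entries: int):
        self.timeout = timeout_seconds
        self.max_entries = max_entries
        self._entries: "OrderedDict[bytes, SidEntry]" = OrderedDict()

    @property
    def enabled(self) -> bool:
        # Either knob set to zero turns SID caching off entirely.
        return self.timeout > 0 and self.max_entries > 0

    def __len__(self) -> int:
        return len(self._entries)

    def store(self, sid: bytes, entry: SidEntry) -> None:
        if not self.enabled:
            return
        self._entries.pop(sid, None)
        while len(self._entries) >= self.max_entries:
            self._entries.popitem(last=False)   # evict the oldest entry
        self._entries[sid] = entry

    def lookup(self, sid: bytes, now: float):
        """Return the entry for sid, or None if unknown or expired."""
        entry = self._entries.get(sid)
        if entry is None:
            return None
        if now - entry.created_at >= self.timeout:
            del self._entries[sid]              # expired: next handshake is full
            return None
        return entry


def handshake(cache: SidCache, now: float, offered_sid: bytes = None):
    """Simulate one handshake; returns (kind, sid, bulk_key).

    kind is "abbreviated" when the offered SID is found in the cache and
    still valid, otherwise "full".
    """
    entry = cache.lookup(offered_sid, now) if offered_sid is not None else None
    nonce = secrets.token_bytes(32)            # fresh per connection (constructed)
    if entry is not None:
        # Abbreviated handshake: no public-key operation; a new bulk key is
        # derived from the cached master secret and the fresh nonce.
        key = hashlib.sha256(entry.master_secret + nonce).digest()
        return "abbreviated", offered_sid, key
    # Full handshake: the public-key key exchange is represented here by
    # simply drawing a new master secret (constructed stand-in).
    master_secret = secrets.token_bytes(48)
    sid = secrets.token_bytes(32)
    cache.store(sid, SidEntry(master_secret, now))
    key = hashlib.sha256(master_secret + nonce).digest()
    return "full", sid, key


if __name__ == "__main__":
    cache = SidCache(timeout_seconds=300, max_entries=100)
    kind, sid, _ = handshake(cache, now=0.0)
    print("first connection:", kind)                        # full
    print("reconnect at 10s:", handshake(cache, 10.0, sid)[0])   # abbreviated
    print("reconnect at 400s:", handshake(cache, 400.0, sid)[0])  # full (expired)
    print("caching disabled:", SidCache(0, 100).enabled)    # False
```

Lowering `timeout_seconds` shortens how long a cached master secret stays usable; setting either constructor argument to zero reproduces the "full handshake on every connection" behaviour the text describes.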





Copyright IBM Corporation 1990, 2014