How to identify if SSL session is being reused


Article ID: CTX477497


Description

This article describes how to identify whether SSL session reuse is occurring.


Instructions

1. In a trace captured on the ADC, SSL session reuse can be identified by the following pattern.
2. Check for the same Session ID in both the Client Hello and Server Hello packets.
3. Use the following command on the client side to determine whether sessions are being reused:
   > shell nsconmsg -d statswt0 -g ssl_tot_sslInfo_SessionHits
4. Use this command to check at the virtual server level:
   > shell nsconmsg -d statswt0 -g ssl_ctx_tot_session_hits
5. Displaying current counter value excluding counters with 0 value information

NetScaler V20 Performance Data
NetScaler NS13.0: Build 88.12.nc, Date: Oct 14 2022, 10:30:12   (64-bit)

reltime:mili second between two records Wed Jan  4 11:37:54 2023
Index reltime     counter-value symbol-name&device-no
    1  183392               126 ssl_ctx_tot_session_hits vserver_ssl_192.168.217.98:443(external_gateway_cvad)
    3       0                20 ssl_ctx_tot_session_hits vserver_ssl_192.168.217.77:443(aaa_vs_advanced_auth)
    5       0                 6 ssl_ctx_tot_session_hits vserver_ssl_10.110.204.39:443(lb_vip_http_reprolab.com_ssl)
Done.
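
The Session ID comparison from step 2, as an added example in Python that is not part of the original article: it extracts the session_id field from a ClientHello and a ServerHello record and reports reuse only when the server echoes a non-empty ID that the client offered. The sample records and the helper names (`hello_session_id`, `is_session_reused`, `build_hello`) are constructed for illustration.

```python
# Added example: compare the session_id fields of a ClientHello and ServerHello.
# Applies to TLS 1.2 and earlier; a TLS 1.3 ServerHello always echoes the
# client's legacy_session_id, so a match there does not indicate reuse.

def hello_session_id(record: bytes):
    """Return (handshake_type, session_id) from one TLS record carrying a hello."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 39 or body[0] not in (1, 2):       # 1 = ClientHello, 2 = ServerHello
        raise ValueError("not a complete ClientHello/ServerHello")
    # handshake header (4) + version (2) + random (32) puts the length byte at 38
    sid_len = body[38]
    if sid_len > 32 or len(body) < 39 + sid_len:
        raise ValueError("malformed session_id")
    return body[0], body[39:39 + sid_len]

def is_session_reused(client_hello: bytes, server_hello: bytes) -> bool:
    """True when the server echoes the non-empty session ID the client offered."""
    c_type, c_sid = hello_session_id(client_hello)
    s_type, s_sid = hello_session_id(server_hello)
    if (c_type, s_type) != (1, 2):
        raise ValueError("expected a ClientHello followed by a ServerHello")
    return len(c_sid) > 0 and c_sid == s_sid

def build_hello(hs_type: int, session_id: bytes) -> bytes:
    """Constructed sample data: a minimal TLS 1.2 hello record (hypothetical helper)."""
    body = b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
    # ClientHello: cipher suite list + compression list; ServerHello: one of each
    body += b"\x00\x02\x00\x2f\x01\x00" if hs_type == 1 else b"\x00\x2f\x00"
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

SID_A, SID_B = bytes(range(32)), bytes(range(32, 64))   # constructed session IDs
SAMPLES = {
    "resumed":  (build_hello(1, SID_A), build_hello(2, SID_A)),  # server echoes ID
    "full":     (build_hello(1, b""),   build_hello(2, SID_B)),  # nothing offered
    "declined": (build_hello(1, SID_A), build_hello(2, SID_B)),  # server issues new ID
}

if __name__ == "__main__":
    for name, (ch, sh) in SAMPLES.items():
        print(f"{name:9s} reused={is_session_reused(ch, sh)}")
```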

 

Additional Information

https://support.citrix.com/article/CTX121925/ssl-renegotiation-process-and-session-reuse-on-adc-appliance