This article describes how to configure the TLS session ticket extension by using the NetScaler GUI.
Note: This feature was introduced in release 11.1 build 51.21.
An SSL handshake is a CPU-intensive operation. If session reuse is enabled, the server/client key exchange operation is skipped for existing clients, which are allowed to resume their sessions. Session reuse improves the response time and increases the number of SSL transactions per second that a server can support. However, the server must store details of each session state, which consumes memory and is difficult to share among multiple servers if requests are load balanced across servers.
NetScaler appliances support the SessionTicket TLS extension. Use of this extension indicates that the session details are stored on the client instead of on the server. The client must indicate that it supports this mechanism by including the session ticket TLS extension in the ClientHello message. For new clients, this extension is empty. The server sends a new session ticket in the NewSessionTicket handshake message. The session ticket is encrypted with a key known only to the server. If a server cannot issue a new ticket at this time, it completes a regular handshake.
sessionTicketLifeTime - Specify a time, in seconds, after which the session ticket expires and a new SSL handshake must be initiated.
Default value: 300
Minimum value: 0
Maximum value: 172800
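The ticket mechanism and lifetime described above, modelled as an added Python example (not NetScaler code and not part of the original article). The class and method names, the JSON state layout and the SHAKE-256 keystream are assumptions made for illustration; real implementations encrypt tickets with AES.

```python
import hashlib, hmac, json, os, time

class TicketServer:
    """Hypothetical model: the server keeps keys, never per-session state."""
    def __init__(self, lifetime=300):      # 300 = sessionTicketLifeTime default
        self.lifetime = lifetime
        self.enc_key = os.urandom(32)      # known only to the server
        self.mac_key = os.urandom(32)

    def _xor(self, iv, data):
        # Stand-in stream cipher (SHAKE-256 over enc_key || iv), used only to
        # keep the example dependency-free. Not a production construction.
        ks = hashlib.shake_256(self.enc_key + iv).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, ks))

    def issue(self, master_secret, now=None):
        """After a full handshake: build the NewSessionTicket payload."""
        now = time.time() if now is None else now
        state = json.dumps({"ms": master_secret.hex(), "iat": now}).encode()
        iv = os.urandom(16)
        ct = self._xor(iv, state)
        tag = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        return iv + ct + tag               # opaque blob stored by the client

    def resume(self, ticket, now=None):
        """Return the master secret, or None to force a regular handshake."""
        now = time.time() if now is None else now
        if len(ticket) < 48:
            return None
        iv, ct, tag = ticket[:16], ticket[16:-32], ticket[-32:]
        good = hmac.new(self.mac_key, iv + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            return None                    # modified, or issued under another key
        state = json.loads(self._xor(iv, ct))
        if now - state["iat"] > self.lifetime:
            return None                    # older than the configured lifetime
        return bytes.fromhex(state["ms"])

if __name__ == "__main__":
    srv = TicketServer()
    secret = os.urandom(48)                # constructed sample session secret
    ticket = srv.issue(secret, now=0)
    print("resume at 120 s:", srv.resume(ticket, now=120) == secret)
    print("resume at 301 s:", srv.resume(ticket, now=301))
```

In this model a second server can resume the session only if it holds the same ticket keys, so the keys are the only state that has to be shared behind a load balancer.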
To enable the TLS session ticket extension by using the NetScaler GUI:
1. Navigate to System > Profiles. Select SSL Profiles.
2. Click Add.
3. Specify a Name for the profile.
4. Select Session ticket.
5. Optionally, specify Session Ticket Lifetime (secs).
6. Click OK.