Share via


Configuring ServerCacheTime for SSL Sessions

Applies To: Windows Server 2003, Windows Server 2003 with SP1

If you plan to support long SSL sessions, consider lengthening the SSL cache time-out interval by adding the ServerCacheTime entry to the registry. If you expect thousands of users to connect to your site by using SSL, estimate how long you expect SSL sessions to last, and then set the value of the ServerCacheTime entry to a number slightly higher than your estimate. Do not set the value much higher than your estimate, because the resulting time-out interval might cause your server to retain stale data in the cache.

Warning

The registry editor bypasses standard safeguards, allowing settings that can damage your system, or even require you to reinstall Windows. If you must edit the registry, back it up first and see the Registry Reference.

One reason for changing the default value for the SSL session cache is to force the client to authenticate more often. More frequent caching is sometimes useful, for example, if you know that the client is using a smart card and you want the Web page to be accessible only when the user inserts the smart card in the reader.

Before changing the SSL cache time-out interval, make sure that HTTP Keep-Alives are enabled (HTTP Keep-Alives are enabled by default). SSL sessions do not expire when you use them with HTTP Keep-Alives except when the browser closes the connection.

For information about adding the ServerCacheTime entry to the registry, see Setting the SSL Cache Time-out Interval. For more information about configuring SSL session caching, including how to set the ClientCacheTime registry setting, see Knowledge Base article 247658, How to Configure Secure Sockets Layer Server and Client Cache Elements.

For more information about editing the registry, see the Registry Reference.