Need to know hit rate of ssl session cache

Hi list,

maybe this has already discussed elswhere but I didn't find appropriate =
information...

What I need to know is the "hit rate" of the ssl session cache =
respectively a way to calculate it myself based on information from the =
ssl*.log files, if possible.

In other words: How can I tell for a connection in the log files whether =
a ssl-handshake was done or whether the session could have been "reused" =
from the ssl session cache?

I would appreciate any help or information that points me in the right =
direction.


Kind regards,

B. Courtin=20
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Need to know hit rate of ssl session cache

On Wed, Apr 09, 2003 at 03:37:10PM +0200, Courtin, Bert wrote:
> Hi list,
>
> maybe this has already discussed elswhere but I didn't find appropriate information...
>
> What I need to know is the "hit rate" of the ssl session cache respectively a way to calculate it myself based on information from the ssl*.log files, if possible.
>
You should raise SSLLogLevel to get that info - iirc you need either
debug or trace, but try it out - see
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC20

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Need to know hit rate of ssl session cache

* Mads Toftum (mads@toftum.dk) wrote:
> On Wed, Apr 09, 2003 at 03:37:10PM +0200, Courtin, Bert wrote:
> > Hi list,
> >
> > maybe this has already discussed elswhere but I didn't find appropriate information...
> >
> > What I need to know is the "hit rate" of the ssl session cache respectively a way to calculate it myself based on information from the ssl*.log files, if possible.
> >
> You should raise SSLLogLevel to get that info - iirc you need either
> debug or trace, but try it out - see
> http://www.modssl.org/docs/2.8/ssl_reference.html#ToC20

And the source code is pretty easy to hack if do-it-yourself is a valid
option. See ssl_scache.c, for example. If you want to go this way, add
some traces to the various cache functions to watch what happens when
you (a) negotiate a new session, (b) request a session resume after
restarting the server (ie. when the resume will fail), and (c) request a
session resume that succeeds. These functions defer to the corresponding
mode-specific functions (ie. shmcb, shmht, dbm, etc). You should watch
the return value (where appropriate) of calling into these.

As for logging, IIRC it will generate quite a bit of noise, but if that
overhead isn't an issue and it can give you what you need, then it's
probably the simplest way. Just wanted to mention that if you're
prepared to touch the source code you gain a lot of flexibility. Long
live open source, etc.

Cheers,
Geoff

--
Geoff Thorpe
geoff@geoffthorpe.net
http://www.geoffthorpe.net/

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org