iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

141

142

143

144

145

146

147

148

149

150

Configuring the iTP Secure WebServer

iTP Secure WebServer System Administrator’s Guide—523346-002

7-7

The Secure Transport Configuration File

(httpd.stl.config)

The Secure Transport Configuration File (httpd.stl.config)

Example 7-2 shows how to configure the iTP Secure WebServer for SSL or PCT. This

sample file, httpd.stl.config, is supplied with the iTP Secure WebServer. For

more information about SSL configuration, see Section 4, Configuring for Secure

Transport.

Configuring Global Session Key Caching

Global session key caching is introduced to improve caching performance. The current

architecture has multiple instances of webserver processes running as a Pathway

serverclass. Each instance maintains its own cache of SSL session keys. However,

due to round-robin load balancing of the iTP Secure WebServer environment, SSL

session key cache hits are rare. This enhancement provides increased overall SSL

performance by allowing a cache of SSL session keys to be shared amongst all

instances of the httpd serverclass, thereby maximizing the cache hits and minimizing

the CPU and network resources required for establishing SSL connections to the

NonStop platform.

If global session key caching is desired, the SK_GlobalCache directive (i.e the

GlobalCache variable), must be set to ON to enable the configuration of the server. If

individual httpd server process session key caching is desired, which is the default,

set the variable to OFF, or omit it.

The value of MAXSERVERS must always be set to 1. This is a single process

serverclass. The value of MAXLINKS and LINKDEPTH must both always be set to the

value of the httpd server’s MAXSERVERS value. For example:

Server $root/bin/httpd { Server $root/bin/gcache {

... Maxservers 1

Maxservers 50 ---> Maxlinks 50

... Linkdepth 50

} ...

}

The configuration directives SK_CacheSize and SK_CacheExpiration, which are

set by defining the variables CacheSize and CacheExpiration, are optional. The

default value for SK_CacheSize is 1000, and for SK_CacheExpiration is 86400

(24 hours).

Note. You cannot use httpd.stl.config and httpd.websafe.config in the same

WebServer environment.

Note. If individual httpd server process session key caching is used, each process will create

it's own cache with SK_CacheSize entries. However, if global session key caching is used, that

single process server will create a single cache also with SK_CacheSize entries. Take this into

consideration when determining the value for SK_CacheSize.