Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
May 31, 2015

SSL session cache - how to clear

Hi,

 

I was searching forum and docs to find answer but failed. Seems that there is no tmsh command to clear SSL session cache for given VS.

 

Only solution I found was setting cache size to 0 - but I wonder if it is automatically clearing cache after updating ssl profile or some other steps have to be taken - I am pretty sure that I saw some post saying that after setting 0 for cache size and issuing tmsh show ltm virtual virtual_name profiles { sslprofile_name } it looked like there are still entries in cache.

 

Piotr

 

application delivery
LTM
management
security
TMSH

4 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jun 01, 2015

    I am pretty sure that I saw some post saying that after setting 0 for cache size and issuing tmsh show ltm virtual virtual_name profiles { sslprofile_name } it looked like there are still entries in cache.

    this is mine.

    [root@ve11a:Active:In Sync] config  date; tmsh show ltm profile client-ssl myclientssl | grep -A 6 Session\ Cache
Mon Jun  1 12:16:47 SGT 2015
Session Cache
  Current Entries                                                   1
  Hits                                                              0
  Lookups                                                           1
  Overflows                                                         0
  Invalidations                                                     0

[root@ve11a:Active:In Sync] config 
[root@ve11a:Active:In Sync] config  date; tmsh modify ltm profile client-ssl myclientssl cache-size 0
Mon Jun  1 12:16:58 SGT 2015
[root@ve11a:Active:Changes Pending] config 
[root@ve11a:Active:In Sync] config  date; tmsh show ltm profile client-ssl myclientssl | grep -A 6 Session\ Cache
Mon Jun  1 12:17:03 SGT 2015
Session Cache
  Current Entries                                                   0
  Hits                                                              0
  Lookups                                                           1
  Overflows                                                         0
  Invalidations                                                     0
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Jun 01, 2015
      Thanks looks good. Just hope it is like that on 10.0.1 Piotr
  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Jun 01, 2015

    I am pretty sure that I saw some post saying that after setting 0 for cache size and issuing tmsh show ltm virtual virtual_name profiles { sslprofile_name } it looked like there are still entries in cache.

    this is mine.

    [root@ve11a:Active:In Sync] config  date; tmsh show ltm profile client-ssl myclientssl | grep -A 6 Session\ Cache
Mon Jun  1 12:16:47 SGT 2015
Session Cache
  Current Entries                                                   1
  Hits                                                              0
  Lookups                                                           1
  Overflows                                                         0
  Invalidations                                                     0

[root@ve11a:Active:In Sync] config 
[root@ve11a:Active:In Sync] config  date; tmsh modify ltm profile client-ssl myclientssl cache-size 0
Mon Jun  1 12:16:58 SGT 2015
[root@ve11a:Active:Changes Pending] config 
[root@ve11a:Active:In Sync] config  date; tmsh show ltm profile client-ssl myclientssl | grep -A 6 Session\ Cache
Mon Jun  1 12:17:03 SGT 2015
Session Cache
  Current Entries                                                   0
  Hits                                                              0
  Lookups                                                           1
  Overflows                                                         0
  Invalidations                                                     0
    • dragonflymr's avatar
      dragonflymr
      Icon for Cirrostratus rankCirrostratus
      Jun 01, 2015
      Thanks looks good. Just hope it is like that on 10.0.1 Piotr