ACE module SSL session sync?

Unanswered Question
Aug 6th, 2010

Hallo @all!

After we get this question by a customer i was searching in forum and internet, but i can't find an answer. We use 2 ACE module with failover configuration and SSL activated. I know you have to sync the SSL keys and certs. The ACE is synchronizing tcp sessions. But does it synchronize the SSL sessions too? I mean if the failover starts, what happens to the SSL sessions?

Kind regards,

Marko

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
litrenta Fri, 08/06/2010 - 07:06

If you are terminating SSL on the ace the client connection to the ace is fully proxied since ACE needs to do all of the encryption and decryption. As such these client connections cannot be replicated to the standby ace and on failover the client would need to restablish their SSL session to the new ace (old connection is lost). SO the short answer is no ssl sessions are not sync'd to the standby ace.

This is true of every loadbalancer or ssl offloader on the market.

Actions

This Discussion