SSL Reading CAC Card with every page load

Forum Moderators: phranque

Message Too Old, No Replies

SSL Reading CAC Card with every page load

islandman

9:15 pm on Mar 12, 2008 (gmt 0)

I have recently enabled client authentication using the following directives in ssl.conf:

SSLVerifyClient require
SSLVerifyDepth 2

Unfortunately, it seems that my CAC card is accessed with every page load, which causes a significant performance hit (approx 2 seconds per page).

Does anyone know of any other parameters I could set to overcome this problem?

Thanks much.

islandman

9:04 pm on Mar 14, 2008 (gmt 0)

It wasn’t a profound insite or understanding into the details of Apache, but rather some educated guessing & trial and error.

I changed the SSLSessionCache parameter in ssl.conf from:

SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache

To:

SSLSessionCache shmcb:/usr/local/apache2/logs/ssl_scache(512000)

I don’t know why it works, but it seems to do the trick. The reason I changed it was the following: I surmised that caching might have something to do with it. So, I compared the caching parameters on another server (where the CAC seems to be working already) and on the problem server (where it isn’t working). On the server where it is working, the SSLSessionCache parameter was using shmcb: instead of dbm: so I decided to try that on the problem server, where it was using dbm: by default.

jdMorgan

3:48 am on Mar 15, 2008 (gmt 0)

Welcome to WebmasterWorld, islandman, and thanks for posting your solution. By the number of replies to this thread, I surmise that you are now the 'resident expert' on this topic... :)

Jim