For load balancing issue, I need to find out the typical SSL persistence behavior among browsers (and servers). What I’ve found out so far that SSL 3.0 (onwards) have moved out the session ID from encryption. So now load balancers can take advantage of that session ID and implement sticky sessions. But one problem remains that, after IE5+, Internet Explorer renews the SSL session in every two minutes. I’m yet to figure out the Firefox/Mozilla implementation for this, but seems like I cannot rely on the SSL session ID for being the same for a long period of time, thus invalidating the Sticky Session implementation which will depend on session ID for SSL connections.
- “At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case, the process repeats itself.” (Source: http://support.microsoft.com/kb/257591).