Problem

Additional information about the Http.Ssl.SessionTimeout option in SecureTransport.

Resolution

The Http.Ssl.SessionTimeout option sets the SSL session timeout in seconds. A value of -1 (default) uses the JVM default, while 0 means unlimited and positive number is a timeout in seconds.

If the timeout limit is set to N amount of seconds, a session exceeds the timeout limit of N seconds after its creation time. When the timeout limit is exceeded for a session, the SSLSession object is invalidated and future connections cannot resume or rejoin the session.

The timeout applies to all HTTPS sessions established by a client and by default is set to unlimited. The Http.Ssl.SessionTimeout option applies to all users in ST, globally, but only for the end user HTTPS protocol. This includes both the SecureTransport Web Client interface as well as the End User REST API. Other protocols (and interfaces like the Admin UI) like FTPS, AS2, SFTP and PeSIT are not affected by the option.