What does the TLS profile's "cache enabled" option do?

Q:
1. What is the use of cache enabled option in TLS profiles?

The Gateway manual says "Check this option to enable reuse of the session security parameters."
What "security parameters" are being referenced?

A:
The cache option in the TLS profile is there for implementing the following RFC4346 requirement :
According to RFC4346, pages 32-33 :

  When the client and server decide to resume a previous session or
  duplicate an existing session (instead of negotiating new security
  parameters), the message flow is as follows:

  The client sends a ClientHello using the Session ID of the session to
  be resumed.  The server then checks its session cache for a match.
  If a match is found, and the server is willing to re-establish the
  connection under the specified session state, it will send a
  ServerHello with the same Session ID value.  At this point, both
  client and server MUST send change cipher spec messages and proceed
  directly to finished messages.  Once the re-establishment is
  complete, the client and server MAY begin to exchange application
  layer data.  (See flow chart below.)  If a Session ID match is not
  found, the server generates a new session ID and the TLS client and
  server perform a full handshake.

     Client                                                Server

     ClientHello                   -------->
                                                      ServerHello
                                               [ChangeCipherSpec]
                                   <--------             Finished
     [ChangeCipherSpec]
     Finished                      -------->
     Application Data              <------->     Application Data

         Fig. 2. Message flow for an abbreviated handshake

So, to answer your question we keep in cache : the cipherSuite, the TLS version, client/server Authenticated or not, a session id and the master secret.
------------------------------------------------------------------------------------------------------------------
Q:
2. What does it mean to have it checked ?

A:
It means the cache is used (when used as a server), so an abbreviated handshake will be possible.
------------------------------------------------------------------------------------------------------------------
Q:
3. What does it mean to have it unchecked?

A:
It means the cache won't be used (when used as a server), so we will always do a full handshake everytime.
------------------------------------------------------------------------------------------------------------------
Q:
4. If it is changed, how does the cache get drained / cleared so it can reset?  

A:
The cache is configurable through some parameters :
tls_cache_activated - by default is 1, so cache is used
tls_cache_timeout - by default is 1800 s (30 minutes). After this period of time an entry in the cache will not be used and a full handshake will be re-done.
tls_cache_reuse_max - by default is 100. How many times we can re-use such entry. After 100 uses it will be deleted from the cache and a full handshake will be re-done.

By default, every 60 seconds the cache is checked for invalid entries/cleaned.
------------------------------------------------------------------------------------------------------------------
Q:
5. What is the impact If you enable/disable this option in terms of performance?
Customer is using Certificates in Gateway for Brower based users (HTTPS protocol) and Certificates in Passport for  Automated users (FTPS, SFTP and HTPS protocols).

A: Using cache should bring improvements in terms of performances.
----------------------------------------------------------------------------------