About TLS session resumption
NetBackup uses TLS (Transport Layer Security) to secure communications between NetBackup hosts and is enabled by default. Each new TCP connection between NetBackup hosts must perform a TLS handshake and verify the peer identity before NetBackup sends traffic across that connection.
TLS session resumption is an open standards optimization that allows a TLS client and server to reuse a secure session that is generated during a previous connection. Reusing a secure session allows NetBackup to use a streamlined handshake instead of a full handshake. Performing this action reduces both the host CPU and time that is required to establish the new connection.
TLS version 1.2 reduces forward security for the interval between full handshakes. To limit this window while still benefitting from session reuse, NetBackup allows global configuration of the maximum interval between full TLS handshakes.
To use the options for TLS session resumption, navigate to . You can use the option to set the security level as follows:
- If you use this option, NetBackup defaults to the security setting as follows:
Very high - 10 minutes
High - 30 minutes
Medium - 60 minutes
- The value of this interval can be configured at a minute granularity, within the range of 1 minute to 720 minutes.
The TLS 1.3 session ticket lifetime is same as the interval that is mentioned earlier. However, the TLS 1.3 session ticket is used only once.
Note:
If strict forward security is a concern, NetBackup also allows session resumption to be globally disabled.
Note:
This feature currently only applies to NBCA. ECA to be supported in a future release.