SSL sweeper

Transmission Control Protocol/Internet Protocol (TCP/IP) has a socket sweeper that ends sockets that have not been used for an extended period of time, meaning that no API calls have been issued on those sockets. With shared SSL session support, each SSL daemon process has its own sweeper. For each SSL structure owned by that SSL daemon process, the following occurs:
  • If there is a socket assigned to the SSL structure, the socket is verified to determine whether it is still active. If the socket is not active, the SSL structure is returned.
  • If there is no socket assigned to the SSL structure and two consecutive sweeper intervals occur without any SSL API being issued for the SSL structure, the SSL structure is returned.

Context (CTX) structures are not swept. Even if no SSL structures are currently assigned to a CTX structure, this does not mean that the application is no longer active and has neglected to return the CTX structure. A server application creates a CTX structure and waits for remote clients to connect. There can be long periods of time with no active SSL sessions while the application remains active and still requires the CTX structure for use when remote clients do connect.

A CTX structure for a z/TPF client does not necessarily have only one SSL session. A client application can create a new CTX structure for each SSL session, or it can create one CTX structure so that all z/TPF client connections (which can be different ECBs) use that CTX structure. For these reasons, it is not possible to sweep a CTX structure.

The SSL sweeper interval is based on the value of the SOCKSWP parameter coded on the SNAKEY macro.
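The two sweeper rules above, as an added C model that is not z/TPF code: the structure layout, the field names, the `ssl_api_activity` hook and the pre-computed `socket_active` flag are all assumptions (the real sweeper checks the socket itself). CTX structures are deliberately absent because they are never swept.

```c
#include <stdbool.h>
#include <stddef.h>

/* Constructed model of one SSL structure as the sweeper sees it. */
typedef struct {
    int  socket;          /* -1 when no socket is assigned */
    bool socket_active;   /* assumed result of the socket check */
    int  idle_intervals;  /* consecutive sweeper intervals with no SSL API call */
    bool returned;        /* set once the sweeper has returned the structure */
} ssl_struct_t;

ssl_struct_t ssl_make(int socket, bool socket_active) {
    ssl_struct_t s = { socket, socket_active, 0, false };
    return s;
}

/* Hypothetical hook: called whenever an SSL API is issued for the structure. */
void ssl_api_activity(ssl_struct_t *s) { s->idle_intervals = 0; }

/* One sweeper interval over the structures owned by this SSL daemon process.
 * Returns the number of SSL structures returned during this interval. */
int ssl_sweep(ssl_struct_t *list, size_t n) {
    int swept = 0;
    for (size_t i = 0; i < n; i++) {
        ssl_struct_t *s = &list[i];
        if (s->returned) continue;
        if (s->socket >= 0) {
            /* Rule 1: a socket is assigned; return only if it is no longer active. */
            if (!s->socket_active) { s->returned = true; swept++; }
        } else {
            /* Rule 2: no socket; return after two consecutive idle intervals. */
            s->idle_intervals++;
            if (s->idle_intervals >= 2) { s->returned = true; swept++; }
        }
    }
    return swept;
}

/* Sweep a single structure up to `max` times; if activity_before > 0, an SSL
 * API call is issued just before that sweep. Returns the sweep number that
 * returned the structure, or 0 if it survived all `max` sweeps. */
int sweeps_until_returned(ssl_struct_t s, int activity_before, int max) {
    for (int k = 1; k <= max; k++) {
        if (k == activity_before) ssl_api_activity(&s);
        ssl_sweep(&s, 1);
        if (s.returned) return k;
    }
    return 0;
}
```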
