You can configure SSL timeouts for ESXi by editing a configuration file on the ESXi host.

About this task

Timeout periods can be set for two types of idle connections:

  • The Read Timeout setting applies to connections that have completed the SSL handshake process with port 443 of ESXi.

  • The Handshake Timeout setting applies to connections that have not completed the SSL handshake process with port 443 of ESXi.

Both connection timeouts are set in milliseconds.

Idle connections are disconnected after the timeout period. By default, fully established SSL connections have a timeout of infinity.

Note:

Using a longer timeout than the default is not recommended.

Procedure

  1. Log in to the ESXi Shell as a user with administrator privileges.
  2. Change to the directory /etc/vmware/rhttpproxy/.
  3. Use a text editor to open the config.xml file.
  4. In the <http>...</http> section, enter the <readTimeoutMs> value in milliseconds.

    If the <readTimeoutMs> tag does not exist you can create it.

  5. In the <ssl>...</ssl> section, enter the <handshakeTimeoutMs> value in milliseconds.

    If the <handshakeTimeoutMs> tag does not exist you can create it.

  6. Save your changes and close the file.
  7. Restart the rhttpproxy process:

    /etc/init.d/rhttpproxy restart

Configuration File

The following section from the file /etc/vmware/rhttpproxy/config.xml shows where to add the SSL timeout settings.

<vmacore>
 ...
 <http> 
	...
  <readTimeoutMs>20000</readTimeoutMs>
	...
 </http>
 ...
 <ssl>
  ...
  <handshakeTimeoutMs>20000</handshakeTimeoutMs>
  ...
	</ssl>
</vmacore>