Maintained with ☕️ by
IcePanel logo

The Global external Application Load Balancer and the Classic Application Load Balancer will no longer support TLS sessionID resumption

Share

Services

## Deprecate **The Global external Application Load Balancer and the Classic Application Load Balancer will no longer support TLS sessionID resumption. They continue to support modern forms of TLS resumption.** The TLS protocol supports an optimization which allows a client reconnecting to a server with which it has communicated before to perform a cheaper _abbreviated handshake_. This optimization is available in several modes, which include the modern [PSK](https://datatracker.ietf.org/doc/html/rfc8446#section-2.2) and [ticket](https://datatracker.ietf.org/doc/html/rfc5077) mechanisms, as well as the long-obsolete [sessionID](https://datatracker.ietf.org/doc/html/rfc5246) mechanism. The Global external Application Load Balancer and the Classic Application Load Balancer are the only Google Cloud products that currently support the obsolete sessionID mechanism. This sessionID mechanism is going to be disabled over the next 4-5 weeks. Clients that currently make use of sessionID will transparently fall back to full TLS handshakes. To recover the performance optimization gains, we recommend that you upgrade clients to modern TLS libraries which support the PSK or ticket mechanisms.