To support the SSL Extended Master Secret (EMS) extension defined in RFC 7627, the Sensor reserves a specific amount of system memory.
The reserved memory is used to track handshake messages while computing the master key needed to decrypt SSL traffic.
Current system memory allocation:
- NS-Series 9100 allocates a maximum handshake buffer value of 5 K
- IPS-VM600 allocates a maximum handshake buffer value of 1 K
The number of SSL sessions that can be held concurrently is limited in these Sensor models.
If system memory is insufficient, you might see handshake buffer allocation failures when handling SSL traffic that uses the EMS extension.
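
Why EMS requires the handshake messages to be tracked, shown as an added example (not Sensor code): RFC 7627 derives the master secret from a hash of every handshake message from ClientHello through ClientKeyExchange, whereas the older derivation needs only the two hello randoms. The `HandshakeTracker` class, the sample message bodies, and the choice of a TLS 1.2 SHA-256 cipher suite are assumptions made for illustration.

```python
import hashlib
import hmac


def prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int = 48) -> bytes:
    """TLS 1.2 PRF (RFC 5246, section 5) with SHA-256: P_hash(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Pre-EMS derivation: only the two 32-byte randoms are needed."""
    return prf_sha256(pms, b"master secret", client_random + server_random)


class HandshakeTracker:
    """Hypothetical per-session buffer of handshake messages, ClientHello
    through ClientKeyExchange, as a passive decryptor would have to keep."""

    def __init__(self) -> None:
        self.transcript = bytearray()

    def add(self, msg_type: int, body: bytes) -> None:
        # RFC 7627 hashes each message including its type and 3-byte length.
        self.transcript += bytes([msg_type]) + len(body).to_bytes(3, "big") + body

    def extended_master_secret(self, pms: bytes) -> bytes:
        session_hash = hashlib.sha256(bytes(self.transcript)).digest()
        return prf_sha256(pms, b"extended master secret", session_hash)


def derive(messages, pms: bytes) -> bytes:
    tracker = HandshakeTracker()
    for msg_type, body in messages:
        tracker.add(msg_type, body)
    return tracker.extended_master_secret(pms)


# Constructed sample data: placeholder bodies, not real TLS encodings.
PMS = bytes(range(48))
CLIENT_RANDOM, SERVER_RANDOM = b"\x11" * 32, b"\x22" * 32
HANDSHAKE = [(1, CLIENT_RANDOM + b"client-hello"), (2, SERVER_RANDOM + b"server-hello"),
             (11, b"certificate"), (14, b""), (16, b"client-key-exchange")]

if __name__ == "__main__":
    print("EMS   :", derive(HANDSHAKE, PMS).hex())
    print("no 11 :", derive([m for m in HANDSHAKE if m[0] != 11], PMS).hex())
    print("legacy:", legacy_master_secret(PMS, CLIENT_RANDOM, SERVER_RANDOM).hex())
```

If any message in the transcript is missing, the derived master secret differs from the endpoints' and the session cannot be decrypted.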