In the scenario where ARR is configured to use SSL/TLS to connect to the content servers, does it utilize SSL sessions (e.g., session identifiers as specified in RFC 5246) so that subsequent connections with the content servers can utilize an abbreviated handshake?
If so, can multiple clients be served using a single SSL session with the content server?
I know the SSL implementation for ARR comes from the underlying schannel component, and I believe that it does caching by default for both sides of the connection per How to configure Secure Sockets Layer server and Client cache elements. However, I couldn't find a definitive article to support the ARR scenario.
First of all, I don't know the answer but am guessing it does at least use session id.
Second I would go about finding out not by looking at documentation which may or may not be trustworthy on such a detail, but by sniffing the traffic and in such a way ensuring a 100% correct answer. I find this the easiest way when it comes to proxies which can manipulate traffic to different effects - does it actually do what I believe it does?
If I remember my 'sniffings' correctly, the SessionID is part of the unencrypted SSL packet header and can be viewed in Wireshark or any other packet analyzer right off the bat.
Lastly, if you want to go decrypt for full insight that is also possible, and here too, to answer your second question not through deduction but through having explicit flow data.
Answering my own question after using Wireshark to determine the answer.
Yes, AAR will utilize SSL sessions and those sessions can service multiple clients.
Using Wireshark I observed the following:
This lines up exactly with the expected results shown in the diagrams in Speeding up SSL: enabling session reuse.