Nick_Schmalenbe
May 15, 2017

SSL session cache overflowing, how to tune?

I have an HA pair of i10800s, running an application with a lot of SSL sessions. At peak times with 1.1M connections, there are about 24k SSL TPS.

With the default SSL session cache size of 262144, it seemed that most SSL transactions were overflowing the cache. I want to have even more CPU headroom for greater load, so I increased the global cache size to 2M, and my client SSL profile cache size to 1M. I also decreased the cache timeout to 300 seconds from 3600. In my application, requests should come every 20 seconds, so 300 seconds should be plenty.

There still seem to be a lot of overflows though, although I'm not facing any problems yet either.

One thing I'm curious about is: do resuming sessions renew their cache entry? Or do the entries always expire after 300 seconds regardless of renewing? There still seems to be plenty of free TMM memory if I should increase the cache timeout.

How should I approach tuning this cache? Will stopping overflows even help with CPU/TMM processor headroom?