Cisco Systems 6500 Switch User Manual


 
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
policy ssl
You can define the SSL policy templates using the policy ssl ssl-policy-name command and associate an
SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL policy
template allows you to define various parameters that are associated with the SSL handshake stack.
Table 2-4 SSL-Policy Configuration Submode Command Descriptions (continued)

Syntax
    Description

help
    Provides a description of the interactive help system.

renegotiation volume size
    Allows you to enable autorenegotiation and specifies the data volume size
    (in kilobytes). When the encrypted or decrypted data amount exceeds this
    size, the SSL Services Module sends a renegotiation request. This setting
    is disabled by default. The valid range is from 1024 to 1073741824
    kilobytes.

renegotiation interval time
    Allows you to enable autorenegotiation and specifies the interval (in
    seconds). After the set interval, the SSL Services Module sends a
    renegotiation request. This setting is disabled by default. The valid
    range is from 60 to 86400 seconds.

renegotiation wait-time time
    (Optional) When you enable autorenegotiation, this command specifies the
    amount of time (in seconds) that the SSL Services Module waits for the
    peer to respond to the renegotiation request. The default is 100 seconds.
    The valid range is from 10 to 300 seconds.

renegotiation optional
    (Optional) When you enable autorenegotiation, the SSL Services Module
    allows the session to continue if the peer does not respond to the
    renegotiation request after timeout. This setting is disabled by default
    and the session is disconnected after timeout.

[no] session-cache
    Allows you to enable the session-caching feature. Use the no form of this
    command to disable session caching.

session-cache size size
    Specifies the maximum number of session entries to be allocated for a
    given service; valid values are from 1 to 262143 entries.

timeout handshake timeout
    Allows you to configure how long the module keeps the connection in the
    handshake phase; valid values are from 0 to 65535 seconds.

timeout session timeout [absolute]
    Allows you to configure the session timeout. The syntax description is as
    follows:
      timeout—Session timeout; valid values are from 0 to 72000 seconds.
      absolute—(Optional) The session entry is not removed until the
      configured timeout has completed.

tls-rollback [current | any]
    Allows you to specify if the SSL protocol version number in the TLS/SSL
    premaster secret message is either the maximum version or the negotiated
    version (current) or if the version is not checked (any).

version {all | ssl3 | tls1}
    Allows you to set the version of SSL to one of the following:
      all—Both SSL3 and TLS1 versions are used.
      ssl3—SSL version 3 is used.
      tls1—TLS version 1 is used.
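
As an added example (not part of the Cisco manual), the following Python linter audits the body of an ssl-policy block: it checks each numeric argument against the ranges in Table 2-4 and flags version all, version ssl3 and tls-rollback any. The argument positions are read from the table's syntax column, the "weak" labels are this example's own judgement, and the sample policy is constructed.

```python
import re

# (pattern, min, max, unit): ranges copied from Table 2-4 on this page.
RANGES = [
    (r"renegotiation volume (\d+)", 1024, 1073741824, "KB"),
    (r"renegotiation interval (\d+)", 60, 86400, "s"),
    (r"renegotiation wait-time (\d+)", 10, 300, "s"),
    (r"session-cache size (\d+)", 1, 262143, "entries"),
    (r"timeout handshake (\d+)", 0, 65535, "s"),
    (r"timeout session (\d+)(?: absolute)?", 0, 72000, "s"),
]
# Permitted by the table but flagged here (this example's judgement, not Cisco's).
WEAK = {
    "version all": "SSL 3.0 accepted (deprecated by RFC 7568)",
    "version ssl3": "SSL 3.0 only (deprecated by RFC 7568)",
    "tls-rollback any": "premaster-secret version is not checked",
}

def audit_policy(text):
    """Return (line_no, line, finding) tuples for one ssl-policy block body."""
    lines = [l.strip() for l in text.splitlines()]
    # Autorenegotiation is enabled by the volume or interval form.
    auto = any(re.match(r"renegotiation (volume|interval) ", l) for l in lines)
    findings = []
    for no, line in enumerate(lines, 1):
        if line in WEAK:
            findings.append((no, line, "weak: " + WEAK[line]))
        for pattern, lo, hi, unit in RANGES:
            m = re.fullmatch(pattern, line)
            if m and not lo <= int(m.group(1)) <= hi:
                findings.append((no, line, f"out of range {lo}-{hi} {unit}"))
        if re.fullmatch(r"renegotiation (wait-time \d+|optional)", line) and not auto:
            findings.append((no, line, "autorenegotiation is not enabled"))
    return findings

# Constructed sample policy body, not taken from a real device.
SAMPLE = """\
version all
tls-rollback any
renegotiation interval 30
renegotiation wait-time 120
session-cache size 500000
timeout session 3600 absolute
"""

if __name__ == "__main__":
    for no, line, finding in audit_policy(SAMPLE):
        print(f"line {no}: {line!r}: {finding}")
```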