Cisco Systems OL-7029-01 Switch User Manual


 
Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference
OL-7029-01
Chapter 3 Commands Specific to the Content Switching Module with SSL
ssl-proxy policy ssl
RSA_WITH_RC4_128_SHA—RSA with rc4-sha
all—All supported ciphers
If you enter the timeout session timeout absolute command, the session entry is kept in the session
cache for the configured timeout before it is cleaned up. If the session cache is full, the timers are active
for all the entries, and the absolute keyword is configured, all further new sessions are rejected.
If you enter the timeout session timeout command without the absolute keyword, the specified timeout
is treated as the maximum timeout and a best effort is made to keep the session entry in the session
cache. If the session cache runs out of session entries, the session entry that is currently being used is
removed for incoming new connections.
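The two timeout behaviors described above, as an added Python model (not Cisco code and not part of the manual). The class, its method names, the 2-entry cache and the arrival times are constructed for illustration, and removing the oldest entry in best-effort mode is an assumption of the model.

```python
# Added model of the documented 'timeout session' semantics; not Cisco code.
from collections import OrderedDict


class SessionCache:
    """Toy model of an SSL session cache (hypothetical names throughout)."""

    def __init__(self, size, timeout, absolute):
        self.size = size          # maximum entries ('session-cache size')
        self.timeout = timeout    # seconds ('timeout session <timeout>')
        self.absolute = absolute  # True if the 'absolute' keyword is set
        self.entries = OrderedDict()  # session id -> time it was cached

    def _expire(self, now):
        # Clean up entries whose configured timeout has elapsed.
        expired = [s for s, t in self.entries.items() if now - t >= self.timeout]
        for sid in expired:
            del self.entries[sid]

    def add(self, sid, now):
        """Return 'cached', 'evicted-old' or 'rejected' for a new session."""
        self._expire(now)
        if len(self.entries) < self.size:
            self.entries[sid] = now
            return "cached"
        if self.absolute:
            # Cache full and every timer still running: new session refused.
            return "rejected"
        # Best effort: an existing entry is given up before its timeout.
        # Assumption: the oldest entry is the one removed.
        self.entries.popitem(last=False)
        self.entries[sid] = now
        return "evicted-old"


def replay(absolute):
    """Feed constructed arrivals (session id, seconds) to a 2-entry cache."""
    cache = SessionCache(size=2, timeout=100, absolute=absolute)
    arrivals = [("a", 0), ("b", 10), ("c", 20), ("d", 105)]  # constructed sample
    return [cache.add(sid, t) for sid, t in arrivals], list(cache.entries)
```

With the absolute keyword, a full cache turns new sessions away until a timer expires; without it, cached entries can be lost before their timeout, which matters when sizing session-cache size against expected connection rates.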
Examples
This example shows how to enter the SSL-policy configuration submode:
ssl-proxy (config)# ssl-proxy policy ssl sslpl1
ssl-proxy (config-ssl-policy)#
This example shows how to define the cipher suites that are supported for the SSL-policy:
ssl-proxy (config-ssl-policy)# cipher RSA_WITH_3DES_EDE_CBC_SHA
ssl-proxy (config-ssl-policy)#
This example shows how to enable the SSL-session closing protocol:
ssl-proxy (config-ssl-policy)# close-protocol enable
ssl-proxy (config-ssl-policy)#
This example shows how to disable the SSL-session closing protocol:
ssl-proxy (config-ssl-policy)# no close-protocol enable
ssl-proxy (config-ssl-policy)#
These examples show how to set a given command to its default setting:
ssl-proxy (config-ssl-policy)# default cipher
ssl-proxy (config-ssl-policy)# default close-protocol
ssl-proxy (config-ssl-policy)# default session-cache
ssl-proxy (config-ssl-policy)# default version
ssl-proxy (config-ssl-policy)#
This example shows how to enable session-cache:
ssl-proxy (config-ssl-policy)# session-cache enable
ssl-proxy (config-ssl-policy)#
This example shows how to disable session-cache:
ssl-proxy (config-ssl-policy)# no session-cache enable
ssl-proxy (config-ssl-policy)#
This example shows how to set the maximum number of session entries to be allocated for a given
service:
ssl-proxy (config-ssl-policy)# session-cache size 22000
ssl-proxy (config-ssl-policy)#
This example shows how to configure the session timeout to absolute:
ssl-proxy (config-ssl-policy)# timeout session 30000 absolute
ssl-proxy (config-ssl-policy)#