Support User Manuals

Cisco Systems OL-7029-01 Switch User Manual

Open as PDF

of 342

3-58

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

OL-7029-01

Chapter 3 Commands Specific to the Content Switching Module with SSL

ssl-proxy policy ssl

• RSA_WITH_RC4_128_SHA—RSA with rc4-sha

• all—All supported ciphers

If you enter the timeout session timeout absolute command, the session entry is kept in the session

cache for the configured timeout before it is cleaned up. If the session cache is full, the timers are active

for all the entries, the absolute keyword is configured, and all further new sessions are rejected.

If you enter the timeout session timeout command without the absolute keyword, the specified timeout

is treated as the maximum timeout and a best-effort is made to keep the session entry in the session

cache. If the session cache runs out of session entries, the session entry that is currently being used is

removed for incoming new connections.

Examples This example shows how to enter the SSL-policy configuration submode:

ssl-proxy (config)# ssl-proxy policy ssl sslpl1

ssl-proxy (config-ssl-policy)#

This example shows how to define the cipher suites that are supported for the SSL-policy:

ssl-proxy (config-ssl-policy)# cipher RSA_WITH_3DES_EDE_CBC_SHA

ssl-proxy (config-ssl-policy)#

This example shows how to enable the SSL-session closing protocol:

ssl-proxy (config-ssl-policy)# close-protocol enable

ssl-proxy (config-ssl-policy)#

This example shows how to disable the SSL-session closing protocol:

ssl-proxy (config-ssl-policy)# no close-protocol enable

ssl-proxy (config-ssl-policy)#

These examples shows how to set a given command to its default setting:

ssl-proxy (config-ssl-policy)# default cipher

ssl-proxy (config-ssl-policy)# default close-protocol

ssl-proxy (config-ssl-policy)# default session-cache

ssl-proxy (config-ssl-policy)# default version

ssl-proxy (config-ssl-policy)#

This example shows how to enable session-cache:

ssl-proxy (config-ssl-policy)# session-cache enable

ssl-proxy (config-ssl-policy)#

This example shows how to disable session-cache:

ssl-proxy (config-ssl-policy)# no session-cache enable

ssl-proxy (config-ssl-policy)#

This example shows how to set the maximum number of session entries to be allocated for a given

service:

ssl-proxy (config-ssl-policy)# session-cache size 22000

ssl-proxy (config-ssl-policy)#

This example shows how to configure the session timeout to absolute:

ssl-proxy (config-ssl-policy)# timeout session 30000 absolute

ssl-proxy (config-ssl-policy)#

previous next