
Cisco 11503 - CSS Content Services Switch Configuration Guide

4-39
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
Specifying SSL Session Handshake Renegotiation
The SSL session handshake commands send the SSL HelloRequest message to a
client to restart SSL handshake negotiation. SSL rehandshake is useful when a
connection has been established for a lengthy period of time and you want to
ensure security by reestablishing the SSL session.
Use the ssl-server number handshake data kbytes command to specify the
maximum amount of data to be exchanged between the CSS and the client, after
which the CSS transmits the SSL handshake message and reestablishes the SSL
session. By setting the data value, you force the SSL session to renegotiate a new
session key after a session has transferred the specified amount of data. Specify
an SSL handshake data value in Kbytes, from 0 (handshake disabled) to 512000.
The default is 0.
For example, to configure an SSL rehandshake message for the SSL proxy list
after a data exchange of 125000 Kbytes is reached with the client, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 handshake data 125000
To disable the rehandshake data option, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 handshake data
Use the ssl-server number handshake timeout seconds command to specify a
maximum timeout value, after which the CSS transmits the SSL handshake
message and reestablishes the SSL session. Setting a timeout value forces the SSL
session to renegotiate a new session key after a session has lasted the defined
number of seconds. The selection of an SSL rehandshake timeout value is
important when using the advanced-balance ssl load-balancing method for a
Layer 5 content rule to fine-tune the SSL session ID used to stick the client to the
server. Specify an SSL handshake timeout value in seconds, from 0 (handshake
disabled) to 72000 (20 hours). The default is 0.
For example, to configure an SSL rehandshake message after a timeout value of
10 hours has elapsed, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 handshake timeout 36000
To disable the rehandshake timeout option, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 handshake timeout
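
The following check is an added example, not part of the Cisco guide. It reads a saved or candidate CSS configuration and reports, for each virtual SSL server, whether either rehandshake trigger is set and whether the value falls inside the ranges given above. The indented configuration layout, the sample text and the helper name audit_rehandshake are assumptions made for illustration.

```python
import re

# Upper bounds from the text above (Kbytes, seconds); 0 disables and is the default.
LIMITS = {"data": 512000, "timeout": 72000}

LIST_RE = re.compile(r"^ssl-proxy-list\s+(\S+)")
SERVER_RE = re.compile(r"^\s+ssl-server\s+(\d+)(?:\s+(.*\S))?\s*$")
HANDSHAKE_RE = re.compile(r"^handshake\s+(data|timeout)\s+(\S+)$")


def audit_rehandshake(config_text):
    """Map (proxy list, server number) -> effective settings and findings."""
    servers, current = {}, None
    for line in config_text.splitlines():
        if m := LIST_RE.match(line):
            current = m.group(1)
            continue
        m = SERVER_RE.match(line)
        if m is None or current is None:
            if line[:1].strip():  # unindented text ends the list block
                current = None
            continue
        key = (current, int(m.group(1)))
        entry = servers.setdefault(key, {"data": 0, "timeout": 0, "findings": []})
        h = HANDSHAKE_RE.match(m.group(2) or "")
        if h is None:
            continue  # some other ssl-server setting
        kind, raw = h.groups()
        if raw.isdigit() and int(raw) <= LIMITS[kind]:
            entry[kind] = int(raw)
        else:
            entry["findings"].append(
                f"handshake {kind} {raw} is outside 0-{LIMITS[kind]}")
    for entry in servers.values():
        if entry["data"] == 0 and entry["timeout"] == 0:
            entry["findings"].append("rehandshake disabled: no data or timeout trigger")
    return servers


# Constructed sample; the indented layout is an assumed running-config format.
SAMPLE_CONFIG = """\
ssl-proxy-list ssl_list1
  ssl-server 20 handshake data 125000
  ssl-server 20 handshake timeout 36000
  ssl-server 21
  ssl-server 22 handshake timeout 90000
"""
if __name__ == "__main__":
    print(audit_rehandshake(SAMPLE_CONFIG))
```

In the sample, server 20 has both triggers set, server 21 is left at the defaults, and server 22 carries a timeout above the 72000-second maximum, so it is treated as having no trigger.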
