Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
4-42
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Specifying SSL TCP Client-Side Connection Timeout Values
The TCP connection between the CSS and a client is terminated when the
specified time interval elapses. The TCP timeout functions enable you to have
more control over the TCP connection between the CSS SSL module and a client.
To configure an SSL proxy list virtual SSL server for termination of a TCP
connection with the client, see the following sections:
• Specifying a TCP SYN Timeout Value (Client-Side Connection)
• Specifying a TCP Inactivity Timeout Value (Client-Side Connection)
Specifying a TCP SYN Timeout Value (Client-Side Connection)
The CSS SYN timer counts the delta between the CSS sending the SYN/ACK and
the client replying with an ACK as the means to terminate the TCP three-way
handshake. Use the ssl-server number tcp virtual syn-timeout seconds
command to specify a timeout value that the CSS uses to terminate a TCP
connection with a client that has not successfully completed the TCP three-way
handshake prior to transferring data.
Enter a TCP SYN inactivity timeout value in seconds, from 0 (TCP SYN timeout
disabled) to 3600 (1 hour). The default is 30 seconds. When you set the command
to 0, the timer becomes inactive and the retransmit timer eventually terminates a
broken TCP connection.
Note The connection timer should always be less than the retransmit termination time
for new SSL and TCP connections.
For example, to configure a TCP SYN timeout of 30 minutes (1800 seconds),
enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 tcp virtual
syn-timeout 1800
To reset the TCP SYN timeout to the default of 30 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 tcp virtual
syn-timeout
To Next Page
Loading...
Need help?
General
