Chapter 5 Configuring Back-End SSL
Configuring Back-End SSL Servers in an SSL Proxy List
5-4
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Note You cannot modify the back-end SSL servers in an active SSL proxy list. You
must first suspend the SSL proxy list to make modifications to any of the
back-end-servers in a specific SSL proxy list. Once you have modified the SSL
proxy list, suspend the SSL service, activate the SSL proxy list, and then activate
the SSL service.
To configure a back-end server for use by the SSL module, you must create and
configure a back-end server entry in an SSL proxy list. Configure an IP address
that corresponds to the address of the service and the server IP address. Then
activate the SSL proxy list.
After you configure and activate the SSL proxy list, add the list to a back-end SSL
service; assign a service type of ssl-accel-backend. When you activate the
service, the CSS sends the configuration data to the SSL module.
The following sections describe:
• Creating a Back-End SSL Server in an SSL Proxy List
• Configuring the VIP Address for an SSL Back-End Server
• Configuring the Virtual Port
• Configuring the Server IP Address
• Configuring the Server Port
• Configuring SSL Version
• Configuring the Available Cipher Suites
• Configuring SSL Session Cache Timeout
• Configuring SSL Session Handshake Renegotiation
• Configuring TCP Virtual Client Connections Timeout Values
• Configuring TCP Server-Side Connection Timeout Values on the SSL
Module
• Specifying the Nagle Algorithm for SSL TCP Connections
• Specifying the TCP buffering for SSL TCP Connections