Chapter 5 Configuring Back-End SSL
Configuring Back-End SSL Servers in an SSL Proxy List
5-10
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
For example, to configure the SSL session cache timeout of 500 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 session-cache 500
To reset the session cache ID reuse to the default of enabled with a timeout of
300 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 session-cache
To disable session cache ID reuse, enter a timeout value of 0 seconds:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 session-cache 0
Configuring SSL Session Handshake Renegotiation
The SSL session handshake commands send the SSL HelloRequest message to a
client to restart SSL handshake negotiation. SSL rehandshake is useful when a
connection has been established for a lengthy period of time and you want to
ensure security by reestablishing the SSL session between the CSS and the
back-end SSL server.
Use the backend-server number handshake data kbytes command to force an
SSL rehandshake after the exchange of a certain amount of data between the CSS
and the back-end SSL server, after which the CSS transmits the SSL handshake
message and reestablishes the SSL session.
By default, the SSL rehandshake is disabled (set to 0) for a back-end SSL server
after the exchange of data. The data value is in kilobytes and is from 0 to 512000
kilobytes.
For example, to configure the SSL session rehandshake data value of 500 Kbytes,
enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 handshake data
500
To reset the rehandshake data value to 0, disable the rehandshake after the
exchange of data. For example, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 handshake data
Use the backend-server number handshake timeout seconds command to
specify a maximum timeout value, after which the CSS transmits the SSL
handshake message and reestablishes the SSL session. Setting a timeout value
To Next Page
Loading...
Need help?
General
