5-11
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 5 Configuring Back-End SSL
Configuring Back-End SSL Servers in an SSL Proxy List
forces the SSL session to renegotiate a new session key after a session has lasted
the defined number of seconds. The selection of an SSL rehandshake timeout
value is important when using the advanced-balance ssl load-balancing method
for a Layer 5 content rule to fine-tune the SSL session ID used to stick the client
to the server.
By default, the SSL rehandshake timeout is disabled (set to 0) for the back-end
SSL server. The timeout value is from 0 to 72000 (0 seconds to 20 hours).
For example, to configure a 30-second timeout of an SSL session rehandshake,
enter:
(config-ssl-proxy-list[ssl_list1])# back-end-server 1 handshake
timeout 30
To reset the timeout to 0, disable the rehandshake timeout period for the back-end
server by entering:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 handshake
timeout
Configuring TCP Virtual Client Connections Timeout Values
The TCP connection between the client and the SSL module is terminated when
the specified time interval elapses. The TCP timeout functions enable you to have
more control over the TCP connection between the client and the SSL module.
To configure the TCP connection with the client, see the following sections:
• Specifying a TCP SYN Timeout Value for the Virtual Client Connection
• Specifying a TCP Inactivity Timeout for a Virtual Client Connection
Specifying a TCP SYN Timeout Value for the Virtual Client Connection
The CSS SYN timer counts the delta between the CSS sending the SYN/ACK and
the client replying with an ACK as the means to terminate the TCP three-way
handshake. Use the backend-server number tcp virtual syn-timeout seconds
command to specify a timeout value that the CSS uses to terminate a TCP
connection with a client and the SSL module that has not successfully completed
the TCP three-way handshake prior to transferring data.
To Next Page
Loading...
Need help?
General
