Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 6 Configuring SSL Initiation
Configuring Back-End SSL Servers in an SSL Initiation Proxy List
To reset the port to the default value of 443, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 server-port
Configuring SSL Version
The SSL module initiates the connection to the real SSL server. The version in the
ClientHello message sent to the server indicates the highest supported version.
By default, the SSL version is SSL version 3 and TLS version 1. The SSL module
sends a ClientHello that has an SSL version 3 header with the ClientHello
message set to TLS version 1.
Use the backend-server number version command to specify which version of
SSL the back-end server supports:
• ssl3 - SSL version 3.
• tls1 - TLS version 1.
• ssl-tls - SSL version 3 and TLS version 1. The SSL module sends a
ClientHello that has an SSL version 3 header with the ClientHello message
set to TLS version 1.
For example, to configure SSL version 3, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 version ssl3
To reset the default SSL version, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 version
Configuring the Available Cipher Suites
To configure one or more specific cipher suites to be used by the back-end SSL
initiation server, use the backend-server number cipher command. By default,
all supported hardware accelerated cipher suites are enabled.
For a list of all cipher suites that the SSL module supports and the corresponding
cipher suite values, see Table 4-1 in the “Specifying Cipher Suites” section in
Chapter 4, Configuring SSL Termination. These values match those defined for
SSL version 3.0 and TLS version 1.0. Table 4-1 also lists those cipher suites that
are exportable in any version of the software.