Cisco Catalyst 6500 Series Command Reference Manual page 67

SSL Services Module Command Reference

Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
Table 2-4 SSL-Policy Configuration Submode Command Descriptions (continued)
Syntax
    Description

help
    Provides a description of the interactive help system.

renegotiation volume size
    Allows you to enable autorenegotiation and specifies the data volume size (in kilobytes). When the encrypted or decrypted data amount exceeds this size, the SSL Services Module sends a renegotiation request. This setting is disabled by default. The valid range is from 1024 to 1073741824 kilobytes.

renegotiation interval time
    Allows you to enable autorenegotiation and specifies the interval (in seconds). After the set interval, the SSL Services Module sends a renegotiation request. This setting is disabled by default. The valid range is from 60 to 86400 seconds.

renegotiation wait-time time
    (Optional) When you enable autorenegotiation, this command specifies the amount of time (in seconds) that the SSL Services Module waits for the peer to respond to the renegotiation request. The default is 100 seconds. The valid range is from 10 to 300 seconds.

renegotiation optional
    (Optional) When you enable autorenegotiation, the SSL Services Module allows the session to continue if the peer does not respond to the renegotiation request after timeout. This setting is disabled by default and the session is disconnected after timeout.

[no] session-cache
    Allows you to enable the session-caching feature. Use the no form of this command to disable session caching.

session-cache size size
    Specifies the maximum number of session entries to be allocated for a given service; valid values are from 1 to 262143 entries.

timeout handshake timeout
    Allows you to configure how long the module keeps the connection in the handshake phase; valid values are from 0 to 65535 seconds.

timeout session timeout [absolute]
    Allows you to configure the session timeout. The syntax description is as follows:
        timeout—Session timeout; valid values are from 0 to 72000 seconds.
        absolute—(Optional) The session entry is not removed until the configured timeout has completed.

tls-rollback [current | any]
    Allows you to specify if the SSL protocol version number in the TLS/SSL premaster secret message is either the maximum version or the negotiated version (current) or if the version is not checked (any).

version {all | ssl3 | tls1}
    Allows you to set the version of SSL to one of the following:
        all—Both SSL3 and TLS1 versions are used.
        ssl3—SSL version 3 is used.
        tls1—TLS version 1 is used.

You can define the SSL policy templates using the policy ssl ssl-policy-name command and associate an SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL policy template allows you to define various parameters that are associated with the SSL handshake stack.

OL-9105-01
Catalyst 6500 Series Switch SSL Services Module Command Reference
policy ssl
2-41
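
An added example, not part of the Cisco manual: a Python check that validates SSL-policy submode lines against the ranges in Table 2-4 and flags settings a reviewer may want to revisit. The function name `audit_policy`, the input format (one submode command per line) and the warning texts are assumptions made for illustration.

```python
# Inclusive ranges copied from Table 2-4 of this page.
RANGES = {
    "renegotiation volume": (1024, 1073741824),  # kilobytes
    "renegotiation interval": (60, 86400),       # seconds
    "renegotiation wait-time": (10, 300),        # seconds
    "session-cache size": (1, 262143),           # entries
    "timeout handshake": (0, 65535),             # seconds
    "timeout session": (0, 72000),               # seconds
}
# Settings worth a second look (the editor's assessment, not the manual's).
WARN = {
    "version all": "SSL 3.0 is accepted (deprecated by RFC 7568)",
    "version ssl3": "only SSL 3.0 is used (deprecated by RFC 7568)",
    "tls-rollback any": "premaster-secret version is not checked",
    "renegotiation optional": "session continues if the peer ignores renegotiation",
}
OK = {"help", "session-cache", "no session-cache", "tls-rollback",
      "tls-rollback current", "version tls1"}

def audit_policy(text):
    """Return (errors, warnings) for SSL-policy submode lines in text."""
    errors, warnings, seen = [], [], set()
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or IOS comment
        key, args = " ".join(words[:2]), words[2:]
        seen.add(key)
        if key in RANGES:
            lo, hi = RANGES[key]
            # only "timeout session" accepts the trailing keyword "absolute"
            tails = [[], ["absolute"]] if key == "timeout session" else [[]]
            if not args or not args[0].isdigit() or args[1:] not in tails:
                errors.append(f"{key}: malformed arguments")
            elif not lo <= int(args[0]) <= hi:
                errors.append(f"{key}: {args[0]} outside {lo}-{hi}")
        elif key in WARN:
            warnings.append(f"{key}: {WARN[key]}")
        elif key not in OK:
            errors.append(f"unrecognized line: {raw.strip()}")
    # wait-time and optional only apply once autorenegotiation is enabled
    if (seen & {"renegotiation wait-time", "renegotiation optional"}
            and not seen & {"renegotiation volume", "renegotiation interval"}):
        warnings.append("renegotiation wait-time/optional set without volume or interval")
    return errors, warnings

# Constructed sample stanza (not taken from a real device).
SAMPLE = "renegotiation interval 30\ntls-rollback any\nversion all\n"
```

Calling `audit_policy(SAMPLE)` reports the out-of-range interval as an error and the `tls-rollback any` and `version all` lines as warnings.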
