Specifying Ssl Or Tls Version; Terminating A Client Connection With A Tcp Fin Message Only - Cisco 11503 - CSS Content Services Switch Configuration Manual
Content services switch ssl configuration guide
Hide thumbs
Also See for 11503 - CSS Content Services Switch:
- Administration manual (392 pages) ,
- Hardware installation manual (184 pages) ,
- Getting started manual (142 pages)
Table of Contents
Advertisement
Configuring Virtual SSL Servers for an SSL Proxy List
Specifying SSL or TLS Version
Terminating a Client Connection with a TCP FIN Message Only
Cisco Content Services Switch SSL Configuration Guide
4-34
To disable the insertion of the static string in the HTTP header and delete the
string, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 http-header
static
By default, the SSL version is SSL version 3 and TLS version 1. The SSL module
sends a ClientHello that has an SSL version 3 header with the ClientHello
message set to TLS version 1.
Use the ssl-server number version protocol command to specify the SSL or
Transport Layer Security (TLS) protocol version. The options include:
ssl-tls - SSL protocol version 3.0 and TLS protocol version 1.0 (default)
•
ssl - SSL protocol version 3.0
•
tls - TLS protocol version 1.0
•
For example, to specify SSL version 3.0, enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 version ssl
To reset the SSL version to the default of SSL version 3.0 and TLS version 1.0,
enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 version
Normally, the SSL Close-Notify alert terminates a client connection without an
error. However, some versions of MSIE browsers do not close the connection
upon receiving the Close-Notify alert. The browser may attempt to reuse the
connection even though it appears to be closed to the CSS. Because the CSS
cannot reply to a new request on this connection, the browser may display an
error.
Chapter 4
Configuring SSL Termination
OL-5655-01
Advertisement
Table of Contents
