Cisco 11503 - CSS Content Services Switch Configuration Manual page 168

Configuring Back-End SSL Servers in an SSL Initiation Proxy List
If you use the default setting or select the all-cipher-suite option, the CSS sends
the suites in the same order as they appear in
rsa-with-rc4-128-md5.
The all-cipher-suites option reenables all cipher suites for the back-end server.
Note
This option works only when you do not configure specifically-defined ciphers.
To return to using the all-cipher-suites option, you must remove all
specifically-defined ciphers.
For example, to configure a cipher of rsa-with-rc4-128-md5, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 cipher
rsa-with-rc4-128-md5
When negotiating which cipher suite to use, the SSL module sends the ciphers in
weighted order to the server with the highest weighted cipher first in the list.
By default, all configured cipher suites have a weight of 1. Optionally, you can
assign a priority weight to the cipher suite, with 10 being the highest.
If two or more ciphers have the same weight (no weight has a value of 1), the
Note
ciphers appear in the Client Hello in the same order as they appear in the
running-configuration file.
For example, to set a weight of 10 to a cipher suite, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 cipher
rsa-with-rc4-128-md5 weight 10
To remove one or more of the configured cipher suites for the SSL initiation
back-end server, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 cipher
rsa-with-rc4-128-md5
Cisco Content Services Switch SSL Configuration Guide
6-10
Chapter 6 Configuring SSL Initiation
Table 4-1, starting with
OL-5655-01