Cisco Systems 6500 help, renegotiation volume size, renegotiation interval time, no session-cache

Models: 6500


Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module

policy ssl

Table 2-4 SSL-Policy Configuration Submode Command Descriptions (continued)

Syntax: help
Description: Provides a description of the interactive help system.

Syntax: renegotiation volume size
Description: Allows you to enable autorenegotiation and specifies the data volume size (in kilobytes). When the encrypted or decrypted data amount exceeds this size, the SSL Services Module sends a renegotiation request. This setting is disabled by default. The valid range is from 1024 to 1073741824 kilobytes.

Syntax: renegotiation interval time
Description: Allows you to enable autorenegotiation and specifies the interval (in seconds). After the set interval, the SSL Services Module sends a renegotiation request. This setting is disabled by default. The valid range is from 60 to 86400 seconds.

Syntax: renegotiation wait-time time
Description: (Optional) When you enable autorenegotiation, this command specifies the amount of time (in seconds) that the SSL Services Module waits for the peer to respond to the renegotiation request. The default is 100 seconds. The valid range is from 10 to 300 seconds.

Syntax: renegotiation optional
Description: (Optional) When you enable autorenegotiation, the SSL Services Module allows the session to continue if the peer does not respond to the renegotiation request after timeout. This setting is disabled by default and the session is disconnected after timeout.

Syntax: [no] session-cache
Description: Allows you to enable the session-caching feature. Use the no form of this command to disable session caching.

Syntax: session-cache size size
Description: Specifies the maximum number of session entries to be allocated for a given service; valid values are from 1 to 262143 entries.

Syntax: timeout handshake timeout
Description: Allows you to configure how long the module keeps the connection in the handshake phase; valid values are from 0 to 65535 seconds.

Syntax: timeout session timeout [absolute]
Description: Allows you to configure the session timeout. The syntax description is as follows:
  - timeout: Session timeout; valid values are from 0 to 72000 seconds.
  - absolute: (Optional) The session entry is not removed until the configured timeout has completed.

Syntax: tls-rollback [current | any]
Description: Allows you to specify if the SSL protocol version number in the TLS/SSL premaster secret message is either the maximum version or the negotiated version (current) or if the version is not checked (any).

Syntax: version {all | ssl3 | tls1}
Description: Allows you to set the version of SSL to one of the following:
  - all: Both SSL3 and TLS1 versions are used.
  - ssl3: SSL version 3 is used.
  - tls1: TLS version 1 is used.

You can define SSL policy templates using the policy ssl ssl-policy-name command and associate an SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL policy template allows you to define various parameters that are associated with the SSL handshake stack.
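The ranges and options in Table 2-4 can be checked mechanically before a policy is applied. The following is an added example, not code from the Cisco manual: a small Python audit of an SSL-policy block that reports values outside the documented ranges and settings whose documented behaviour relaxes a check. The function name audit_policy, the note wording, and the sample policy are assumptions made for illustration.

```python
import re

# Inclusive numeric ranges as stated in Table 2-4 of this page.
RANGES = {
    "renegotiation volume": (1024, 1073741824),  # kilobytes
    "renegotiation interval": (60, 86400),       # seconds
    "renegotiation wait-time": (10, 300),        # seconds
    "session-cache size": (1, 262143),           # entries
    "timeout handshake": (0, 65535),             # seconds
    "timeout session": (0, 72000),               # seconds
}

# Settings that, per the table, relax a check. The note wording is ours.
NOTES = {
    "version all": "SSL 3.0 is accepted alongside TLS 1.0",
    "version ssl3": "only SSL 3.0 is used",
    "tls-rollback any": "premaster-secret version is not checked",
    "renegotiation optional": "session continues if the peer ignores renegotiation",
}

def audit_policy(text):
    """Return (line_number, message) findings for one SSL-policy block."""
    findings = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())  # collapse indentation and repeated spaces
        if line in NOTES:
            findings.append((num, NOTES[line]))
            continue
        for prefix, (low, high) in RANGES.items():
            # Only "timeout session" takes the optional "absolute" keyword.
            tail = r"(?: absolute)?" if prefix == "timeout session" else ""
            m = re.fullmatch(re.escape(prefix) + r" (\d+)" + tail, line)
            if m and not low <= int(m.group(1)) <= high:
                findings.append((num, f"{prefix}: {m.group(1)} outside {low}-{high}"))
    return findings

# Constructed sample policy (not taken from the manual).
SAMPLE = """\
policy ssl example-policy
 version all
 tls-rollback any
 renegotiation interval 30
 renegotiation wait-time 100
 renegotiation optional
 session-cache size 4096
 timeout session 72000 absolute
"""

if __name__ == "__main__":
    for num, msg in audit_policy(SAMPLE):
        print(f"line {num}: {msg}")
```

Lines that match no entry are ignored, because Table 2-4 is a continuation and the submode has other commands not listed on this page.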

Catalyst 6500 Series Switch SSL Services Module Command Reference

 

OL-9105-01
