Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

webvpn policy ssl

Table 2-10 SSL-Policy Configuration Submode Command Descriptions (continued)

exit
Exits from SSL-policy configuration submode.

help
Provides a description of the interactive help system.

[no] session-cache enable
Allows you to enable the session-caching feature. Use the no form of this command to disable session-caching.

session-cache size size
Specifies the maximum number of session entries to be allocated for a given service; valid values are from 1 to 262143 entries.

timeout handshake timeout
Allows you to configure the amount of time that the module keeps the connection in handshake phase; valid values are from 0 to 65535 seconds.

timeout session timeout [absolute]
Allows you to configure the session timeout. The syntax description is as follows:
timeout—Session timeout; valid values are from 0 to 72000 seconds.
absolute—(Optional) The session entry is not removed until the configured timeout has completed.

tls-rollback [current | any]
Allows you to specify if the SSL protocol version number in the TLS/SSL premaster secret message is either the maximum version or the negotiated version (current), or if the version is not checked (any).

version {all | ssl3 | tls1}
Allows you to set the version of SSL to one of the following:
all—Both SSL3 and TLS1 versions are used.
ssl3—SSL version 3 is used.
tls1—TLS version 1 is used.

You can define the SSL policy templates using the ssl-proxy policy ssl ssl-policy-name command and associate an SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL policy template allows you to define various parameters that are associated with the SSL handshake stack.

When you enable close-notify, a close-notify alert message is sent to the client and a close-notify alert message is expected from the client as well. When disabled, the server sends a close-notify alert message to the client; however, the server does not expect or wait for a close-notify message from the client before tearing down the session.

The cipher-suite names follow the same convention as the existing SSL stacks.

The cipher-suites that are acceptable to the proxy-server are as follows:

RSA_WITH_3DES_EDE_CBC_SHA—RSA with 3des-sha
RSA_WITH_DES_CBC_SHA—RSA with des-sha
RSA_WITH_RC4_128_MD5—RSA with rc4-md5
RSA_WITH_RC4_128_SHA—RSA with rc4-sha
all—All supported ciphers

If you enter the timeout session timeout absolute command, the session entry is kept in the session cache for the configured timeout before it is cleaned up. If the session cache is full while the absolute keyword is configured, the timers remain active for all existing entries and all further new sessions are rejected.
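As an added example (not Cisco's code or tooling), the following Python linter parses an SSL-policy submode block in the syntax of Table 2-10, checks the documented value ranges, and flags the settings a reviewer would want to look at: tls-rollback any (premaster-secret version not checked), version all or ssl3 (SSL 3.0 accepted), and timeout session ... absolute (a full cache rejects new sessions). The sample block is constructed for illustration.

```python
"""Lint an SSL-policy configuration submode block (added example, not Cisco code)."""
import re

# Documented value ranges from Table 2-10: command -> (min, max)
RANGES = {
    "session-cache size": (1, 262143),
    "timeout handshake": (0, 65535),
    "timeout session": (0, 72000),
}

# Constructed sample of an SSL-policy submode block (not from a real device)
SAMPLE_POLICY = """\
 session-cache enable
 session-cache size 300000
 timeout handshake 90
 timeout session 3600 absolute
 tls-rollback any
 version all
"""

NUMERIC = re.compile(r"^(session-cache size|timeout handshake|timeout session)\s+(\d+)(\s+absolute)?$")


def lint_ssl_policy(text):
    """Return a list of finding strings for the given submode block."""
    findings = []
    uses_absolute = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or line.startswith("no "):
            continue  # skip blanks, comments and 'no' forms
        m = NUMERIC.match(line)
        if m:
            cmd, val = m.group(1), int(m.group(2))
            lo, hi = RANGES[cmd]
            if not lo <= val <= hi:
                findings.append(f"{cmd} {val}: outside documented range {lo}-{hi}")
            if m.group(3):
                uses_absolute = True
            continue
        if line == "tls-rollback any":
            findings.append("tls-rollback any: premaster-secret version is not checked")
        elif line in ("version all", "version ssl3"):
            findings.append(f"{line}: SSL 3.0 is accepted; prefer 'version tls1'")
    if uses_absolute:
        findings.append("timeout session ... absolute: entries stay until timeout; a full cache rejects new sessions")
    return findings


if __name__ == "__main__":
    for finding in lint_ssl_policy(SAMPLE_POLICY):
        print(finding)
```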

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1
OL-7310-01
2-105