Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module

webvpn policy ssl

If you enter the timeout session timeout command without the absolute keyword, the specified timeout becomes the maximum lifetime of a session entry, and the module makes a best-effort attempt to keep the entry in the session cache until then. If the session cache runs out of session entries, an entry that is still in use is removed to make room for new incoming connections.
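The difference between the absolute and best-effort timeout modes is easiest to see with a small model of the session cache. The following is an added illustration, not the WebVPN Services Module's own code; the capacity, the entry format, the oldest-first eviction order and the injectable clock are assumptions made for the model.

```python
"""Model of the absolute vs. best-effort SSL session-cache timeout.

Added illustration; not the WebVPN module's implementation. Capacity,
eviction order (oldest first) and the clock interface are assumptions.
"""
import time


class SessionCache:
    """Fixed-capacity cache of resumable SSL sessions.

    absolute=True  : an entry lives until its timeout expires; when the
                     cache is full, new sessions are simply not cached.
    absolute=False : the timeout is only a maximum; when the cache is
                     full an in-use entry is evicted for the new session.
    """

    def __init__(self, capacity, timeout, absolute=False, clock=time.monotonic):
        self.capacity = capacity
        self.timeout = timeout
        self.absolute = absolute
        self.clock = clock
        self.entries = {}  # session_id -> expiry time, in insertion order

    def _expire(self):
        """Drop entries whose timeout has elapsed (applies to both modes)."""
        now = self.clock()
        for sid in [s for s, exp in self.entries.items() if exp <= now]:
            del self.entries[sid]

    def add(self, session_id):
        """Try to cache a session; return True if it is now resumable."""
        self._expire()
        if len(self.entries) >= self.capacity:
            if self.absolute:
                return False  # never evict a live entry; new session not cached
            oldest = next(iter(self.entries))  # best-effort: evict an in-use entry
            del self.entries[oldest]
        self.entries[session_id] = self.clock() + self.timeout
        return True

    def resumable(self, session_id):
        self._expire()
        return session_id in self.entries


class FakeClock:
    """Constructed clock so the demo runs deterministically offline."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def demo():
    """Fill two caches of capacity 2, then offer a third session."""
    clk = FakeClock()
    best = SessionCache(capacity=2, timeout=100, absolute=False, clock=clk)
    absol = SessionCache(capacity=2, timeout=100, absolute=True, clock=clk)
    for cache in (best, absol):
        cache.add("s1")
        cache.add("s2")
    result = {
        "best_effort_third_added": best.add("s3"),     # True: s1 evicted
        "best_effort_s1_evicted": not best.resumable("s1"),
        "absolute_third_added": absol.add("s3"),       # False: cache full
        "absolute_s1_kept": absol.resumable("s1"),
    }
    clk.t = 101  # past the 100-second timeout
    result["absolute_s1_expired"] = not absol.resumable("s1")
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In best-effort mode a full cache silently evicts a live session, so a client resuming that session will be forced into a full handshake; in absolute mode the new session is the one that loses resumability, but existing entries are never cut short before their timeout.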

When you enter the cert-req empty command, the WebVPN Services Module backend service always returns the certificate associated with the trustpoint and does not look for a CA-name match. By default, the WebVPN Services Module always looks for the CA-name match before returning the certificate. Under that default behavior, if the SSL server does not include a CA-name list in the certificate request during client authentication, no match is possible and the handshake fails.

By default, the WebVPN Services Module uses the maximum supported SSL protocol version (SSL2.0, SSL3.0, TLS1.0) in the ClientHello message. Enter the tls-rollback [current | any] command if the SSL client uses the negotiated version instead of the maximum supported version (as specified in the ClientHello message).

When you enter the tls-rollback current command, the SSL protocol version can be either the maximum supported version or the negotiated version.

When you enter the tls-rollback any command, the SSL protocol version is not checked at all.
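The three behaviors (default, tls-rollback current, tls-rollback any) can be summarized as a single version-check function. The following is an added illustration, not the module's code; it assumes the check compares the version field the client sends in its RSA premaster secret (the TLS 1.0 rollback-detection mechanism) against the ClientHello version and the negotiated version, and it uses the command keywords from this page as mode names.

```python
"""Model of the tls-rollback version check in its three modes.

Added illustration; not the WebVPN module's implementation. The check is
framed around the version field in the RSA premaster secret (TLS 1.0
rollback detection), which is an assumption about how the module checks.
"""
SSL2_0, SSL3_0, TLS1_0 = (2, 0), (3, 0), (3, 1)


def rollback_check(mode, client_hello_version, negotiated_version, premaster_version):
    """Return True if the handshake may continue under the given mode.

    mode: None   -> default: the version field must match the maximum
                    version the client offered in ClientHello
          "current" -> the version field may be either the ClientHello
                    version or the negotiated version
          "any"  -> the version field is not checked at all
    """
    if mode == "any":
        return True
    if mode == "current":
        return premaster_version in (client_hello_version, negotiated_version)
    if mode is None:
        return premaster_version == client_hello_version
    raise ValueError(f"unknown tls-rollback mode: {mode!r}")


def demo():
    """Constructed handshakes showing which modes accept which clients."""
    cases = {
        # Well-behaved client: echoes its ClientHello version, as TLS 1.0 requires.
        "conforming": (TLS1_0, SSL3_0, TLS1_0),
        # Client that echoes the negotiated version instead (needs tls-rollback).
        "echoes_negotiated": (TLS1_0, SSL3_0, SSL3_0),
        # Version field matches neither value: suspicious in every checked mode.
        "mismatch": (TLS1_0, SSL3_0, SSL2_0),
    }
    return {
        name: {
            "default": rollback_check(None, *versions),
            "current": rollback_check("current", *versions),
            "any": rollback_check("any", *versions),
        }
        for name, versions in cases.items()
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The table the model produces makes the trade-off explicit: "current" only relaxes the check enough to admit clients that echo the negotiated version, while "any" also admits a version field that matches nothing the two sides exchanged, which removes the rollback detection entirely.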

Examples

This example shows how to enter the SSL-policy configuration submode:

wwbvpn(config)# webvpn policy ssl sslpl1

wwbvpn(config-ssl-policy)#

This example shows how to define the cipher suites that are supported for the SSL-policy:

wwbvpn(config-ssl-policy)# cipher RSA_WITH_3DES_EDE_CBC_SHA

wwbvpn(config-ssl-policy)#

This example shows how to enable the SSL session closing protocol:

wwbvpn(config-ssl-policy)# close-protocol enable

wwbvpn(config-ssl-policy)#

This example shows how to disable the SSL session closing protocol:

wwbvpn(config-ssl-policy)# no close-protocol enable

wwbvpn(config-ssl-policy)#

These examples show how to set a specific command to its default setting:

wwbvpn(config-ssl-policy)# default cipher

wwbvpn(config-ssl-policy)# default close-protocol

wwbvpn(config-ssl-policy)# default session-cache

wwbvpn(config-ssl-policy)# default version

wwbvpn(config-ssl-policy)#

This example shows how to enable session-cache:

wwbvpn(config-ssl-policy)# session-cache enable

wwbvpn(config-ssl-policy)#

This example shows how to disable session-cache:

wwbvpn(config-ssl-policy)# no session-cache enable

wwbvpn(config-ssl-policy)#

Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1

2-106

OL-7310-01