Chapter 3 Commands Specific to the Content Switching Module with SSL

ssl-proxy policy ssl

Table 3-4 lists the commands available in SSL-policy configuration submode.

Table 3-4 SSL-Policy Configuration Submode Command Descriptions

cipher-suite {RSA_WITH_3DES_EDE_CBC_SHA | RSA_WITH_DES_CBC_SHA | RSA_WITH_RC4_128_MD5 | RSA_WITH_RC4_128_SHA | all}
    Allows you to configure a list of cipher-suites acceptable to the proxy-server; see the “Usage Guidelines” section for information about the cipher suites.

[no] close-protocol enable
    Allows you to configure the SSL close-protocol behavior. Use the no form of this command to disable close protocol.

default {cipher | close-protocol | session-cache | version}
    Sets a command to its default settings.

exit
    Exits from SSL-policy configuration submode.

help
    Provides a description of the interactive help system.

[no] session-cache enable
    Allows you to enable the session-caching feature. Use the no form of this command to disable session-caching.

session-cache size size
    Specifies the maximum number of session entries to be allocated for a given service; valid values are from 1 to 262143 entries.

timeout handshake timeout
    Allows you to configure how long the module keeps the connection in handshake phase; valid values are from 0 to 65535 seconds.

timeout session timeout [absolute]
    Allows you to configure the session timeout. The syntax description is as follows:
        timeout—Session timeout; valid values are from 0 to 72000 seconds.
        absolute—(Optional) The session entry is not removed until the configured timeout has completed.

version {all | ssl3 | tls1}
    Allows you to set the version of SSL to one of the following:
        all—Both SSL3 and TLS1 versions are used.
        ssl3—SSL version 3 is used.
        tls1—TLS version 1 is used.

You can define SSL policy templates using the ssl-proxy policy ssl ssl-policy-name command and associate an SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL policy template allows you to define various parameters that are associated with the SSL handshake stack.

When you enable close-notify, a close-notify alert message is sent to the client and a close-notify alert message is expected from the client as well. When disabled, the server sends a close-notify alert message to the client; however, the server does not expect or wait for a close-notify message from the client before tearing down the session.

The cipher-suite names follow the same convention as the existing SSL stacks.

The cipher-suites that are acceptable to the proxy-server are as follows:

RSA_WITH_3DES_EDE_CBC_SHA—RSA with 3des-sha

RSA_WITH_DES_CBC_SHA—RSA with des-sha

RSA_WITH_RC4_128_MD5—RSA with rc4-md5
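A configuration review can check saved SSL policies against the keywords and value ranges in Table 3-4. The following is an added example, not part of the Cisco reference: the sample configuration and policy names are constructed, the indentation of submode lines is assumed, and the decision to flag DES, RC4, and SSL 3.0 is the reviewer's, based on RFC 7465 and RFC 7568, not on this page.

```python
import re
# Keywords and value ranges as listed in Table 3-4 on this page.
RANGES = {"session-cache size": (1, 262143), "timeout handshake": (0, 65535),
          "timeout session": (0, 72000)}
KEYWORDS = {"cipher-suite": {"RSA_WITH_3DES_EDE_CBC_SHA", "RSA_WITH_DES_CBC_SHA",
                             "RSA_WITH_RC4_128_MD5", "RSA_WITH_RC4_128_SHA", "all"},
            "version": {"all", "ssl3", "tls1"}}
# Reviewer's assumption, not from the page: values to flag for follow-up.
FLAG = {"RSA_WITH_DES_CBC_SHA": "single DES, 56-bit key",
        "RSA_WITH_RC4_128_MD5": "RC4 (prohibited by RFC 7465) with MD5",
        "RSA_WITH_RC4_128_SHA": "RC4 (prohibited by RFC 7465)",
        "ssl3": "SSL 3.0 (deprecated by RFC 7568)",
        "all": "enables every listed option, including the flagged ones"}

SAMPLE = """\
ssl-proxy policy ssl legacy-policy
 cipher-suite RSA_WITH_RC4_128_MD5
 version all
 session-cache size 300000
ssl-proxy policy ssl reviewed-policy
 cipher-suite RSA_WITH_3DES_EDE_CBC_SHA
 version tls1
 timeout session 7200 absolute
"""  # constructed sample input; the policy names are hypothetical

def audit(config):
    """Return (policy, line, finding) tuples; assumes submode lines are indented."""
    findings, policy = [], None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"ssl-proxy policy ssl (\S+)", line)
        if header or not raw.startswith(" "):
            policy = header.group(1) if header else None  # enter or leave a block
            continue
        if policy is None:
            continue
        key, _, arg = line.partition(" ")
        if key in KEYWORDS and arg not in KEYWORDS[key]:
            findings.append((policy, line, "invalid: unknown keyword"))
        elif key in KEYWORDS and arg in FLAG:
            findings.append((policy, line, "weak: " + FLAG[arg]))
        for prefix, (lo, hi) in RANGES.items():
            m = re.fullmatch(re.escape(prefix) + r" (\d+)( absolute)?", line)
            if m and not lo <= int(m.group(1)) <= hi:
                findings.append((policy, line, f"invalid: outside {lo}-{hi}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Of the values in the table, RSA_WITH_3DES_EDE_CBC_SHA with version tls1 is the only cipher and version combination this check leaves unflagged.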

Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference

 

OL-7029-01
