Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference
OL-7029-01
Chapter 3 Commands Specific to the Content Switching Module with SSL
ssl-proxy policy ssl
Table 3-4 lists the commands available in SSL-policy configuration submode.
You can define the SSL policy templates using the ssl-proxy policy ssl ssl-policy-name command and
associate an SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL
policy template allows you to define various parameters that are associated with the SSL handshake
stack.
When you enable close-notify, a close-notify alert message is sent to the client and a close-notify alert
message is expected from the client as well. When disabled, the server sends a close-notify alert message
to the client; however, the server does not expect or wait for a close-notify message from the client before
tearing down the session.
The cipher-suite names follow the same convention as the existing SSL stacks.
The cipher-suites that are acceptable to the proxy-server are as follows:
RSA_WITH_3DES_EDE_CBC_SHA—RSA with 3des-sha
RSA_WITH_DES_CBC_SHA—RSA with des-sha
RSA_WITH_RC4_128_MD5—RSA with rc4-md5
Table 3-4 SSL-Policy Configuration Submode Command Descriptions

cipher-suite {RSA_WITH_3DES_EDE_CBC_SHA | RSA_WITH_DES_CBC_SHA | RSA_WITH_RC4_128_MD5 | RSA_WITH_RC4_128_SHA | all}
    Allows you to configure a list of cipher-suites acceptable to the
    proxy-server; see the “Usage Guidelines” section for information about the
    cipher suites.

[no] close-protocol enable
    Allows you to configure the SSL close-protocol behavior. Use the no form
    of this command to disable close protocol.

default {cipher | close-protocol | session-cache | version}
    Sets a command to its default settings.

exit
    Exits from SSL-policy configuration submode.

help
    Provides a description of the interactive help system.

[no] session-cache enable
    Allows you to enable the session-caching feature. Use the no form of this
    command to disable session-caching.

session-cache size size
    Specifies the maximum number of session entries to be allocated for a given
    service; valid values are from 1 to 262143 entries.

timeout handshake timeout
    Allows you to configure how long the module keeps the connection in
    handshake phase; valid values are from 0 to 65535 seconds.

timeout session timeout [absolute]
    Allows you to configure the session timeout. The syntax description is as
    follows:
      timeout—Session timeout; valid values are from 0 to 72000 seconds.
      absolute—(Optional) The session entry is not removed until the
      configured timeout has completed.

version {all | ssl3 | tls1}
    Allows you to set the version of SSL to one of the following:
      all—Both SSL3 and TLS1 versions are used.
      ssl3—SSL version 3 is used.
      tls1—TLS version 1 is used.
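
The following Python check is an added example, not part of the Cisco command reference: it audits ssl-proxy policy ssl stanzas against the value ranges in Table 3-4 and flags the DES and RC4 cipher suites and any version setting that permits SSL 3.0. The indented stanza layout, the policy names and the sample configuration are constructed assumptions, and the weak-suite assessment is the example's own rather than the page's.

```python
import re
# Value ranges from Table 3-4 on this page.
RANGES = {("session-cache", "size"): (1, 262143),
          ("timeout", "handshake"): (0, 65535),
          ("timeout", "session"): (0, 72000)}
SUITES = {"RSA_WITH_3DES_EDE_CBC_SHA", "RSA_WITH_DES_CBC_SHA",
          "RSA_WITH_RC4_128_MD5", "RSA_WITH_RC4_128_SHA", "all"}
# Added assessment, not the page's: DES/RC4 suites are weak; ssl3/all permit SSL 3.0.
WEAK_SUITES = SUITES - {"RSA_WITH_3DES_EDE_CBC_SHA"}
WEAK_VERSIONS = {"ssl3", "all"}

def check_line(words):  # one submode command, already split into words
    out = []
    if words[0] == "cipher-suite":
        for suite in words[1:]:
            if suite not in SUITES:
                out.append(f"unknown cipher-suite {suite}")
            elif suite in WEAK_SUITES:
                out.append(f"weak cipher-suite {suite}")
    elif words[0] == "version" and words[1:2] and words[1] in WEAK_VERSIONS:
        out.append(f"version {words[1]} permits SSL 3.0")
    elif tuple(words[:2]) in RANGES and len(words) > 2:
        lo, hi = RANGES[tuple(words[:2])]
        if not (words[2].isdigit() and lo <= int(words[2]) <= hi):
            out.append(f"{' '.join(words[:3])} outside {lo}-{hi}")
    return out

def audit_policies(config_text):
    """Return (policy, finding) pairs for every ssl-proxy policy ssl stanza."""
    findings, policy = [], None
    for raw in config_text.splitlines():
        header = re.match(r"ssl-proxy policy ssl (\S+)\s*$", raw)
        if header:
            policy = header.group(1)
        elif raw.strip() and not raw[0].isspace():
            policy = None  # unindented line: the stanza has ended
        elif policy and raw.strip():
            findings += [(policy, f) for f in check_line(raw.split())]
    return findings

# Constructed sample configuration; policy names are hypothetical.
SAMPLE = """ssl-proxy policy ssl legacy-policy
 cipher-suite RSA_WITH_RC4_128_MD5
 version all
 session-cache size 300000
!
ssl-proxy policy ssl strict-policy
 cipher-suite RSA_WITH_3DES_EDE_CBC_SHA
 version tls1
"""
```

Calling audit_policies(SAMPLE) reports three findings for legacy-policy and none for strict-policy.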