Catalyst 6500 Series Switch Content Switching Module with SSL Command Reference
Chapter 3 Commands Specific to the Content Switching Module with SSL
ssl-proxy policy ssl
Table 3-4 lists the commands available in SSL-policy configuration submode.
You can define the SSL policy templates using the ssl-proxy policy ssl ssl-policy-name command and
associate an SSL policy with a particular proxy server using the proxy server configuration CLI. The SSL
policy template allows you to define various parameters that are associated with the SSL handshake
When you enable close-notify, a close-notify alert message is sent to the client and a close-notify alert
message is expected from the client as well. When disabled, the server sends a close-notify alert message
to the client; however, the server does not expect or wait for a close-notify message from the client before
tearing down the session.
The cipher-suite names follow the same convention as the existing SSL stacks.
The cipher-suites that are acceptable to the proxy-server are as follows:
• RSA_WITH_3DES_EDE_CBC_SHA—RSA with 3des-sha
• RSA_WITH_DES_CBC_SHA—RSA with des-sha
• RSA_WITH_RC4_128_MD5—RSA with rc4-md5
Table 3-4 SSL-Policy Configuration Submode Command Descriptions
| all}
  Allows you to configure a list of cipher-suites acceptable to the proxy-server; see the “Usage Guidelines” section for information about the cipher suites.

[no] close-protocol enable
  Allows you to configure the SSL close-protocol behavior. Use the no form of this command to disable close protocol.

default {cipher | close-protocol | session-cache | version}
  Sets a command to its default settings.

exit
  Exits from SSL-policy configuration submode.

help
  Provides a description of the interactive help system.

[no] session-cache enable
  Allows you to enable the session-caching feature. Use the no form of this command to disable session-caching.

session-cache size size
  Specifies the maximum number of session entries to be allocated for a given service; valid values are from 1 to 262143 entries.

timeout handshake timeout
  Allows you to configure how long the module keeps the connection in handshake phase; valid values are from 0 to 65535 seconds.

timeout session timeout [absolute]
  Allows you to configure the session timeout. The syntax description is as
  • timeout—Session timeout; valid values are from 0 to 72000 seconds.
  • absolute—(Optional) The session entry is not removed until the configured timeout has completed.

version {all | ssl3 | tls1}
  Allows you to set the version of SSL to one of the following:
  • all—Both SSL3 and TLS1 versions are used.
  • ssl3—SSL version 3 is used.
  • tls1—TLS version 1 is used.
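
The following Python script is an added example, not part of the Cisco command reference: it checks SSL policy blocks from a saved configuration against the value ranges in Table 3-4 and flags policies that still permit SSL 3.0 or the single-DES and RC4/MD5 suites. The function name, the sample policy names, and the lowercase hyphenated cipher keywords are assumptions, since the cipher syntax is cut off on this page.

```python
import re

# Ranges and keywords as listed in Table 3-4 of this page.
RANGES = {"session-cache size": (1, 262143), "timeout handshake": (0, 65535),
          "timeout session": (0, 72000)}
VERSIONS = {"all", "ssl3", "tls1"}
WEAK = {"RSA_WITH_DES_CBC_SHA", "RSA_WITH_RC4_128_MD5"}  # single DES, RC4 with MD5
KNOWN = WEAK | {"RSA_WITH_3DES_EDE_CBC_SHA"}             # all suites the page lists

def audit_ssl_policies(config):
    """Return (policy, severity, message) findings for each SSL policy block."""
    findings, policy = [], None
    for line in (l.strip() for l in config.splitlines()):
        head = re.fullmatch(r"ssl-proxy policy ssl (\S+)", line)
        if head:
            policy = head.group(1)
        elif policy is None or line in ("exit", "!"):
            policy = None  # outside a policy block, or the block just ended
        elif line.startswith("version "):
            arg = line.split()[1]
            if arg not in VERSIONS:
                findings.append((policy, "ERROR", f"unknown version {arg}"))
            elif arg != "tls1":
                findings.append((policy, "WARN", f"version {arg} permits SSL 3.0"))
        elif line.startswith("cipher "):
            for arg in line.split()[1:]:
                name = arg.upper().replace("-", "_")  # assumed keyword spelling
                if arg == "all" or name in WEAK:
                    findings.append((policy, "WARN", f"cipher {arg} allows DES or RC4/MD5"))
                elif name not in KNOWN:
                    findings.append((policy, "ERROR", f"unknown cipher {arg}"))
        else:
            for cmd, (lo, hi) in RANGES.items():
                m = re.fullmatch(re.escape(cmd) + r" (\d+)( absolute)?", line)
                if m and not lo <= int(m.group(1)) <= hi:
                    findings.append((policy, "ERROR", f"{cmd} {m.group(1)} outside {lo}-{hi}"))
    return findings

# Constructed sample configuration (not from the page).
SAMPLE = """\
ssl-proxy policy ssl legacy-policy
 version all
 cipher rsa-with-rc4-128-md5
 session-cache size 300000
ssl-proxy policy ssl strict-policy
 version tls1
 cipher rsa-with-3des-ede-cbc-sha
 timeout session 3600 absolute
"""
```

Calling audit_ssl_policies(SAMPLE) returns three findings, all for legacy-policy; strict-policy produces none.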