2-36
Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Chapter2 Commands for the Catalyst 6500 Series SSL Services Module
policy http-header
• SSL Session—Session headers, including the session ID, are used to cache client certificates that
are based on the session ID. The session headers are also cached on a session basis if the server
wants to track connections that are based on a particular cipher suite. When you specify session, the
SSL Services Module passes information specific to an SSL connection to the back-end server in
the form of the following session headers.
Table 2-3 lists the commands available in HTTP header insertion configuration submode.
Field to insert Description
Session-Id The SSL session ID
Session-Cipher-Name The symmetric cipher suite
Session-Cipher-Key-Size The symmetric cipher key size
Session-Cipher-Use-Size The symmetric cipher use size
Session-Step-Up TRUE if the server presented a stepup certificate
and the client renegotiated the cipher; otherwise
FALSE
Session-Initial-Cipher-Name If Session-Step-Up is TRUE, the initially
negotiated cipher name
Session-Initial-Cipher-Key-Size If Session-Step-Up is TRUE, the initially
negotiated cipher’s key size
Session-Initial-Cipher-Use-Size If Session-Step-Up is TRUE, the initially
negotiated cipher’s use size
Table 2-3 HTTP Header Insertion Configuration Submode Command Descriptions
Syntax Description
alias user-defined-name
standard-name
Specifies the alias
name of the header.
Note You can configure only one alias per standard name. You cannot
configure the same alias name for multiple standard names.
client-cert [pem] Allows the back-end server to see the attributes of the client certificate
that the SSL module has authenticated and approved.
Note You can insert the headers listed below by entering the
client-cert command, or you can send the entire client
certificate in PEM format by entering the client-cert pem
command.
Note The client certificate headers, or the client certificate in PEM
format, are inserted only if the policy’s service is configured for
client authentication. The root CA and intermediate CA
certificates will not be inserted the when client certificate is
inserted in the HTTP header.
