Catalyst 6500 Series Switch SSL Services Module Command Reference
OL-9105-01
Chapter 2 Commands for the Catalyst 6500 Series SSL Services Module
policy ssl
When you enter the tls-rollback current command, the SSL protocol version can be either the maximum
supported version or the negotiated version.
When you enter the tls-rollback any command, the SSL protocol version is not checked at all.
Examples
This example shows how to enter the SSL-policy configuration submode:
ssl-proxy(config)# ssl-proxy context s1
ssl-proxy(config-context)# policy ssl sslpl1
ssl-proxy (config-ctx-ssl-policy)#
This example shows how to define the cipher suites that are supported for the SSL-policy:
ssl-proxy (config-ctx-ssl-policy)# cipher RSA_WITH_3DES_EDE_CBC_SHA
ssl-proxy (config-ctx-ssl-policy)#
This example shows how to enable the SSL-session closing protocol and configure the strict closing
protocol behavior:
ssl-proxy (config-ctx-ssl-policy)# close-protocol strict
ssl-proxy (config-ctx-ssl-policy)#
This example shows how to disable the SSL-session closing protocol:
ssl-proxy (config-ctx-ssl-policy)# no close-protocol
ssl-proxy (config-ctx-ssl-policy)#
These examples show how to set a given command to its default setting:
ssl-proxy (config-ctx-ssl-policy)# default cipher
ssl-proxy (config-ctx-ssl-policy)# default close-protocol
ssl-proxy (config-ctx-ssl-policy)# default session-cache
ssl-proxy (config-ctx-ssl-policy)# default version
ssl-proxy (config-ctx-ssl-policy)#
This example shows how to enable a session cache:
ssl-proxy (config-ctx-ssl-policy)# session-cache
ssl-proxy (config-ctx-ssl-policy)#
This example shows how to disable a session cache:
ssl-proxy (config-ctx-ssl-policy)# no session-cache
ssl-proxy (config-ctx-ssl-policy)#
This example shows how to set the maximum number of session entries to be allocated for a given
service:
ssl-proxy (config-ctx-ssl-policy)# session-cache size 22000
ssl-proxy (config-ctx-ssl-policy)#
This example shows how to configure the session timeout to absolute:
ssl-proxy (config-ctx-ssl-policy)# timeout session 30000 absolute
ssl-proxy (config-ctx-ssl-policy)#
These examples show how to enable the support of different SSL versions:
ssl-proxy (config-ctx-ssl-policy)# version all
ssl-proxy (config-ctx-ssl-policy)# version ssl3
ssl-proxy (config-ctx-ssl-policy)# version tls1
ssl-proxy (config-ctx-ssl-policy)#
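The following audit script is an added example, not part of the Cisco command reference. It reads a session transcript or configuration text that uses the commands shown on this page and reports, per SSL policy, the settings that weaken it: tls-rollback any, SSL 3.0 enabled through version all or version ssl3, a disabled closing protocol, and a 3DES cipher suite. The sample transcript is constructed, the policy name strictpol is hypothetical, and treating a later command as replacing an earlier one with the same keyword is an assumption.

```python
import re

PROMPT = re.compile(r"^\S+\s?\([\w-]+\)#\s*")  # "ssl-proxy (config-ctx-ssl-policy)# "
POLICY = re.compile(r"^policy ssl (\S+)$")
RULES = [  # (pattern matched against one effective command, finding text)
    (re.compile(r"^tls-rollback any$"), "tls-rollback any: SSL protocol version is not checked at all"),
    (re.compile(r"^version (all|ssl3)$"), "SSL 3.0 is enabled (deprecated by RFC 7568)"),
    (re.compile(r"^no close-protocol$"), "SSL-session closing protocol is disabled"),
    (re.compile(r"^cipher \S*3DES\S*$"), "3DES cipher suite (64-bit block cipher)"),
]
# Constructed transcript for illustration; "strictpol" is a hypothetical policy name.
SAMPLE = """\
ssl-proxy(config)# ssl-proxy context s1
ssl-proxy(config-context)# policy ssl sslpl1
ssl-proxy (config-ctx-ssl-policy)# cipher RSA_WITH_3DES_EDE_CBC_SHA
ssl-proxy (config-ctx-ssl-policy)# version all
ssl-proxy (config-ctx-ssl-policy)# version tls1
ssl-proxy (config-ctx-ssl-policy)# tls-rollback any
ssl-proxy (config-ctx-ssl-policy)# no close-protocol
ssl-proxy (config-ctx-ssl-policy)# exit
ssl-proxy(config-context)# policy ssl strictpol
ssl-proxy (config-ctx-ssl-policy)# version tls1
ssl-proxy (config-ctx-ssl-policy)# close-protocol strict
ssl-proxy (config-ctx-ssl-policy)# tls-rollback current
"""

def effective_settings(text):
    """Return {policy name: {command keyword: last command line seen}}."""
    policies, current = {}, None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())  # accept prompts or bare config lines
        m = POLICY.match(line)
        if m:
            current = policies.setdefault(m.group(1), {})
        elif line.startswith("ssl-proxy context"):
            current = None  # new context: wait for the next "policy ssl"
        elif line and current is not None:
            # Assumption: a later command with the same keyword replaces the earlier one.
            keyword = re.sub(r"^(no|default) ", "", line).split()[0]
            current[keyword] = line
    return policies

def audit(text):
    """Return {policy name: [findings]} evaluated on the effective settings."""
    return {name: [msg for rx, msg in RULES for cmd in cmds.values() if rx.match(cmd)]
            for name, cmds in effective_settings(text).items()}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "no findings")
```

Settings left at their defaults are not reported, because this page does not state the default values.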