Chapter 5
Configuring Back-End SSL
Configuring TCP Server-Side Connection Timeout Values on the
SSL Module
Specifying a TCP SYN Timeout Value for a Server-Side Connection
OL-5655-01
For example, to configure the TCP inactivity timeout period of 100 seconds for
the virtual client connection, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 tcp virtual
inactivity-timeout 100
To disable the timeout, set the value to 0:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 tcp virtual
inactivity-timeout 0
To reset the timeout to the default value of 240 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 tcp virtual
inactivity-timeout
The TCP connection between the SSL module and a server is terminated when the
specified time interval elapses. The TCP timeout functions enable you to have
more control over TCP connections between the CSS SSL module and a server.
To configure the timeout values of a TCP connection with the server, see the
following sections:
•
Specifying a TCP SYN Timeout Value for a Server-Side Connection
Specifying a TCP Inactivity Timeout for a Server-Side Connection
•
The TCP SYN timer counts the delta between the CSS initiating the back-end
TCP connection by transmitting a SYN and the server replying with a SYN/ACK.
Use the backend-server number tcp server syn-timeout seconds command to
specify a timeout value that the CSS uses to end a TCP connection with a server
that has not successfully completed the TCP three-way handshake prior to
transferring data.
Configuring Back-End SSL Servers in an SSL Proxy List
Cisco Content Services Switch SSL Configuration Guide
5-13