Cisco Catalyst 6500 Series Command Reference Manual page 62

Ssl services module command reference

Hide thumbs Also See for Catalyst 6500 Series:

Software configuration manual (570 pages)

Configuration manual (392 pages)

Configuration note (212 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

page of 160

/ 160
Contents
Table of Contents
Bookmarks

Table of Contents

policy http-header

SSL Session—Session headers, including the session ID, are used to cache client certificates that

•

are based on the session ID. The session headers are also cached on a session basis if the server

wants to track connections that are based on a particular cipher suite. When you specify session, the

SSL Services Module passes information specific to an SSL connection to the back-end server in

the form of the following session headers.

Field to insert

Session-Id

Session-Cipher-Name

Session-Cipher-Key-Size

Session-Cipher-Use-Size

Session-Step-Up

Session-Initial-Cipher-Name

Session-Initial-Cipher-Key-Size

Session-Initial-Cipher-Use-Size

Table 2-3

Syntax

alias user-defined-name

standard-name

client-cert [pem]

Catalyst 6500 Series Switch SSL Services Module Command Reference

2-36

lists the commands available in HTTP header insertion configuration submode.

HTTP Header Insertion Configuration Submode Command Descriptions

Description

Specifies the alias name of the header.

Note

Allows the back-end server to see the attributes of the client certificate

that the SSL module has authenticated and approved.

Note

Chapter 2

Commands for the Catalyst 6500 Series SSL Services Module

Description

The SSL session ID

The symmetric cipher suite

The symmetric cipher key size

The symmetric cipher use size

TRUE if the server presented a stepup certificate

and the client renegotiated the cipher; otherwise

FALSE

If Session-Step-Up is TRUE, the initially

negotiated cipher name

If Session-Step-Up is TRUE, the initially

negotiated cipher's key size

If Session-Step-Up is TRUE, the initially

negotiated cipher's use size

You can configure only one alias per standard name. You cannot

configure the same alias name for multiple standard names.

You can insert the headers listed below by entering the

client-cert command, or you can send the entire client

certificate in PEM format by entering the client-cert pem

command.

The client certificate headers, or the client certificate in PEM

format, are inserted only if the policy's service is configured for

client authentication. The root CA and intermediate CA

certificates will not be inserted the when client certificate is

inserted in the HTTP header.

OL-9105-01

Table of Contents

Cisco Catalyst 6500 Series Command Reference Manual page 62

Related Manuals for Cisco Catalyst 6500 Series

Related Products for Cisco Catalyst 6500 Series

Table of Contents