Cisco 11503 - CSS Content Services Switch Configuration Manual page 126

Configuring Virtual SSL Servers for an SSL Proxy List
Specifying a TCP SYN Timeout Value (Server-Side Connection)
Note
Specifying a TCP Inactivity Timeout Value (Server-Side Connection)
Cisco Content Services Switch SSL Configuration Guide
4-44
The TCP SYN timer counts the delta between the CSS initiating the back-end
TCP connection by transmitting a SYN and the server replying with a SYN/ACK.
Use the ssl-server number tcp server syn-timeout seconds command to specify
a timeout value that the CSS uses to end a TCP connection with a server that has
not successfully completed the TCP three-way handshake prior to transferring
data.
Enter a TCP SYN timeout value in seconds, from 0 (TCP SYN timeout disabled)
to 3600 (1 hour). The default is 30 seconds. When you set the command to 0, the
timer becomes inactive and the retransmit timer eventually terminates a broken
TCP connection.
The connection timer should always be less than the retransmit termination time
for new SSL and TCP connections.
For example, to configure a TCP SYN timeout of 30 minutes (1800 seconds),
enter:
(config-ssl-proxy-list[ssl_list1])# ssl-server 20 tcp server
syn-timeout 1800
To reset the TCP SYN timeout to the default of 30 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# no ssl-server 20 tcp server
syn-timeout
The TCP inactivity timeout begins once the CSS receives a SYN/ACK from the
server. The inactivity timer resumes immediately following where the SYN timer
stops, with regard to traffic flow. Use the ssl-server number tcp server
inactivity-timeout seconds command to specify a timeout value that the CSS uses
to terminate a TCP connection with a server when there is little or no activity
occurring on the connection.
Enter a TCP inactivity timeout value in seconds, from 0 (TCP inactivity timeout
disabled) to 3600 (1 hour). The default is 240 seconds.
Chapter 4 Configuring SSL Termination
OL-5655-01