Configuring Ssl Version; Configuring The Available Cipher Suites - Cisco 11503 - CSS Content Services Switch Configuration Manual

Chapter 6 Configuring SSL Initiation

Configuring SSL Version

Configuring the Available Cipher Suites

OL-5655-01
To reset the port to the default value of 443, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 server-port
The SSL module initiates the connection to the real SSL server. The version in the
ClientHello message sent to the server indicates the highest supported version.
By default, the SSL version is SSL version 3 and TLS version 1. The SSL module
sends a ClientHello that has an SSL version 3 header with the ClientHello
message set to TLS version 1.
Use the backend-server number version command to specify which version of
SSL the back-end server supports:
ssl3 - SSL version 3.
•
tls1- TLS version 1.
•
ssl-tls - SSL version 3 and TLS version 1. The SSL module sends a
•
ClientHello that has an SSL version 3 header with the ClientHello message
set to TLS version 1.
For example, to configure the SSL version 3, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 version ssl3
To reset the default SSL version, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 version
To configure one or more specific cipher suites to be used by the back-end SSL
initiation server, use the backend-server number cipher command. By default,
all supported hardware accelerated cipher suites are enabled.
For a list of all cipher suites that the SSL module supports and the corresponding
cipher suite values, see
Chapter 4, Configuring SSL
SSL version 3.0 and TLS version 1.0.
are exportable in any version of the software.
Configuring Back-End SSL Servers in an SSL Initiation Proxy List
Table 4-1 in the "Specifying Cipher Suites"
Termination. These values match those defined for
Table 4-1
Cisco Content Services Switch SSL Configuration Guide
section in
also lists those Cipher suites that
6-9