Cisco 11503 - CSS Content Services Switch Configuration Manual page 170

Chapter 6 Configuring SSL Initiation
Configuring Back-End SSL Servers in an SSL Initiation Proxy List
By default, the SSL rehandshake based on data (flow) is disabled (set to 0) for a
back-end SSL server after the exchange of data. The data value is in kilobytes and
is from 0 to 512000 kilobytes.
For example, to configure the SSL session rehandshake data value of 500 Kbytes,
enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 handshake data
500
To reset the rehandshake data value to 0, disable the rehandshake based on the
exchange of data. For example, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 handshake data
Use the backend-server number handshake timeout seconds command to
specify a maximum timeout value, after which the CSS transmits the SSL
handshake message and reestablishes the SSL session. Setting a timeout value
forces the SSL session to renegotiate a new session key after a session has lasted
the defined number of seconds. The selection of an SSL rehandshake timeout
value is important when using the advanced-balance ssl load-balancing method
for a Layer 5 content rule to fine-tune the SSL session ID used to stick the client
to the server.
By default, the SSL rehandshake timeout is disabled (set to 0) for the back-end
SSL server. The timeout value is from 0 to 72000 (0 seconds to 20 hours).
For example, to configure a 30-second timeout of an SSL session rehandshake,
enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 handshake timeout
30
To reset the timeout to 0, disable the rehandshake timeout period for the back-end
server by entering:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 handshake
timeout
Cisco Content Services Switch SSL Configuration Guide
6-12
OL-5655-01