Chapter 6
Configuring SSL Initiation
Configuring TCP Virtual Client Connections Timeout Values
Specifying a TCP SYN Timeout Value for the Virtual Client Connection
Note
OL-5655-01
The TCP connection between the client and the SSL module is terminated when
the specified time interval elapses. The TCP timeout functions enable you to have
more control over the TCP connection between the client and the SSL module.
To configure the parameters for the TCP connection with the client, see the
following sections:
Specifying a TCP SYN Timeout Value for the Virtual Client Connection
•
Specifying a TCP Inactivity Timeout for a Virtual Client Connection
•
Specifying the Nagle Algorithm for Client-Side Connections
•
The CSS SYN timer counts the time difference between the CSS sending the
SYN/ACK and the client replying with an ACK as the means to terminate the TCP
three-way handshake. Use the backend-server number tcp virtual syn-timeout
seconds command to specify a timeout value that the CSS uses to terminate a TCP
connection with a client and the SSL module that has not successfully completed
the TCP three-way handshake prior to transferring data.
Enter a TCP SYN inactivity timeout value in seconds, from 0 (TCP SYN timeout
disabled) to 3600 (1 hour). The default is 30 seconds. When you set the command
to 0, the timer becomes inactive and the retransmit timer eventually terminates a
broken TCP connection.
The connection timer should always be less than the retransmit termination time
for new TCP connections.
To configure the TCP SYN timeout of 100 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 tcp virtual
syn-timeout 100
To disable the timeout, set the value to 0:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 tcp virtual
syn-timeout 0
Configuring Back-End SSL Servers in an SSL Initiation Proxy List
Cisco Content Services Switch SSL Configuration Guide
6-13