Cisco Content Services Switch SSL Configuration Guide
Configuring Back-End SSL Servers in an SSL Proxy List

Configuring SSL Version
For a back-end server, the SSL module initiates the SSL connection. The version
in the ClientHello message sent to the server indicates the highest supported
version.
By default, the SSL version is SSL version 3 and TLS version 1. The SSL module
sends a ClientHello that has an SSL version 3 header with the ClientHello
message set to TLS version 1.
Use the backend-server number version command to specify which version of
SSL the back-end server supports:
• ssl3 - SSL version 3.
• tls1 - TLS version 1.
• ssl-tls - SSL version 3 and TLS version 1. The SSL module sends a
  ClientHello that has an SSL version 3 header with the ClientHello message
  set to TLS version 1.
For example, to configure SSL version 3, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 version ssl3
To reset the default SSL version, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 version

Configuring the Available Cipher Suites
To configure one or more specific cipher suites to be used by the back-end server,
use the backend-server number cipher command. By default, all supported
hardware accelerated cipher suites are enabled.
Table 4-1 earlier in this chapter lists all supported cipher suites for the SSL
module and the corresponding cipher suite value. These values match those
defined for SSL version 3.0 and TLS version 1.0. The table also lists those cipher
suites that are exportable in any version of the software.
If you use the default setting or select the all-cipher-suite option, the CSS sends
the suites in the same order as they appear in Table 4-1, starting with
rsa-with-rc4-128-md5.
Chapter 5 Configuring Back-End SSL
OL-5655-01
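
The following is an added example, not part of the Cisco guide: a parser that reads, from a captured back-end ClientHello, the two version fields the SSL version section describes (record header and ClientHello message) and the offered cipher suites in the order sent. Only the ssl-tls version pair is stated on this page; the ssl3 and tls1 pairs, the function names and the sample bytes are assumptions.

```python
import struct

# (record-header version, ClientHello version) -> backend-server version keyword.
# The ssl-tls pair is the one this page describes; ssl3 and tls1 are assumptions.
CSS_SETTING = {((3, 0), (3, 1)): "ssl-tls",
               ((3, 0), (3, 0)): "ssl3",
               ((3, 1), (3, 1)): "tls1"}

def parse_client_hello(data: bytes) -> dict:
    """Return both version fields and the cipher suites, in offered order."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rmaj, rmin, rlen = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen or rlen < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    if len(hello) != hlen or hlen < 35:
        raise ValueError("truncated ClientHello")
    hello_version = (hello[0], hello[1])
    pos = 2 + 32                  # skip client_version and the 32-byte random
    pos += 1 + hello[pos]         # skip session_id length byte and session_id
    if pos + 2 > hlen:
        raise ValueError("truncated before cipher suite list")
    (slen,) = struct.unpack("!H", hello[pos:pos + 2])
    suites = hello[pos + 2:pos + 2 + slen]
    if len(suites) != slen or slen % 2:
        raise ValueError("bad cipher suite list")
    pair = ((rmaj, rmin), hello_version)
    return {"record_version": (rmaj, rmin),
            "hello_version": hello_version,
            "css_setting": CSS_SETTING.get(pair, "unknown"),
            "cipher_suites": [int.from_bytes(suites[i:i + 2], "big")
                              for i in range(0, slen, 2)]}

def build_sample(record_ver, hello_ver, suites) -> bytes:
    """Constructed input: minimal ClientHello, zero random, empty session id."""
    hello = bytes(hello_ver) + bytes(32) + b"\x00"
    hello += struct.pack("!H", 2 * len(suites))
    hello += b"".join(s.to_bytes(2, "big") for s in suites)
    hello += b"\x01\x00"          # one compression method: null
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(record_ver) + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    # 0x0004 is RSA_WITH_RC4_128_MD5 in SSL 3.0 / TLS 1.0; 0x0005 is a
    # constructed second entry, not taken from Table 4-1.
    print(parse_client_hello(build_sample((3, 0), (3, 1), [0x0004, 0x0005])))
```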