Chapter 6
Configuring SSL Initiation
Configuring Back-End SSL Servers in an SSL Initiation Proxy List
To reset the timeout to the default value of 30 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 tcp virtual
syn-timeout
Specifying a TCP Inactivity Timeout for a Virtual Client Connection
The TCP inactivity timeout begins once the CSS receives an ACK from the client
to terminate the TCP three-way handshake. The inactivity timer resumes
immediately following where the SYN timer stops, with regard to traffic flow. Use
the backend-server number tcp virtual inactivity-timeout seconds command to
specify a timeout value that the CSS uses to terminate a TCP connection with the
client and the SSL module when there is little or no activity occurring on the
connection.
Enter a TCP inactivity timeout value in seconds from 0 (TCP inactivity timeout
disabled) to 3600 (1 hour). The default is 240 seconds.
Based on the default parameters for retransmission, the timer value should be
larger than 60 seconds (1 minute).
For example, to configure the TCP inactivity timeout period of 100 seconds for
the virtual client connection, enter:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 tcp virtual
inactivity-timeout 100
To disable the timeout, set the value to 0:
(config-ssl-proxy-list[ssl_list1])# backend-server 1 tcp virtual
inactivity-timeout 0
To reset the timeout to the default value of 240 seconds, enter:
(config-ssl-proxy-list[ssl_list1])# no backend-server 1 tcp virtual
inactivity-timeout
Cisco Content Services Switch SSL Configuration Guide
6-14
OL-5655-01