Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 4
Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List

Note
If you use the default setting or select the all-cipher-suites option, the CSS sends
the suites in the same order as they appear in Table 4-1, starting with
rsa-with-rc4-128-md5.

The all-cipher-suites setting works only when no specifically-defined ciphers are
configured. To return to using the all-cipher-suites setting, you must remove all
specifically-defined ciphers.

Caution
The dh-anon series of cipher suites is intended for completely anonymous
Diffie-Hellman communications in which neither party is authenticated. Note that
these cipher suites are vulnerable to attacks.

Cipher suites with "export" in the title indicate that they are intended for use
outside of the domestic United States and that they have encryption algorithms
with limited key sizes.

Table 4-1
SSL Cipher Suites Supported by the CSS

| Cipher Suite                  | Exportable | Authentication Certificate Used  | Key Exchange Algorithm Used          |
|-------------------------------|------------|----------------------------------|--------------------------------------|
| all-cipher-suites             | No         | RSA certificate, DSA certificate | RSA key exchange, Diffie-Hellman     |
| rsa-with-rc4-128-md5          | No         | RSA certificate                  | RSA key exchange                     |
| rsa-with-rc4-128-sha          | No         | RSA certificate                  | RSA key exchange                     |
| rsa-with-des-cbc-sha          | No         | RSA certificate                  | RSA key exchange                     |
| rsa-with-3des-ede-cbc-sha     | No         | RSA certificate                  | RSA key exchange                     |
| dhe-dss-with-des-cbc-sha      | No         | DSA (DSS) certificate            | Ephemeral Diffie-Hellman             |
| dhe-dss-with-3des-ede-cbc-sha | No         | DSA (DSS) certificate            | Ephemeral Diffie-Hellman             |
| dhe-rsa-with-des-cbc-sha      | No         | RSA certificate                  | Ephemeral Diffie-Hellman key exchange |
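An added example (not from the Cisco guide): a Python check that derives each suite's key exchange and certificate type from the naming pattern used in Table 4-1, applies the all-cipher-suites rule, and flags the dh-anon and export cases the text warns about. It goes beyond the page in also flagging single DES, RC4 and MD5; the dh-anon and export names in the sample are constructed from the naming pattern, not taken from the table.

```python
# Added example, not Cisco code: audit CSS cipher-suite names by naming pattern.
KEY_EXCHANGE = {"rsa": "RSA", "dhe": "Ephemeral Diffie-Hellman", "dh": "Diffie-Hellman"}
# Assumption beyond the page: these algorithms are treated as weak.
WEAK_CIPHER = {"des": "single DES (56-bit key)", "rc4": "RC4 stream cipher"}


def parse_suite(name):
    """Split '<kx>[-<auth>][-export]-with-<cipher>-...-<mac>' into fields."""
    left, sep, right = name.partition("-with-")
    head, tail = left.split("-"), right.split("-")
    if not sep or head[0] not in KEY_EXCHANGE:
        raise ValueError(f"unrecognised cipher-suite name: {name!r}")
    if "anon" in head:
        cert = None                      # anonymous DH: no certificate at all
    elif "dss" in head:
        cert = "DSA (DSS)"
    else:
        cert = "RSA"
    return {"key_exchange": KEY_EXCHANGE[head[0]], "certificate": cert,
            "export": "export" in head, "cipher": tail[0], "mac": tail[-1]}


def findings(name):
    """Return the reasons a suite deserves review (empty list if none)."""
    suite, out = parse_suite(name), []
    if suite["certificate"] is None:
        out.append("anonymous DH: neither party is authenticated")
    if suite["export"]:
        out.append("export suite: limited key size")
    if suite["cipher"] in WEAK_CIPHER:
        out.append(WEAK_CIPHER[suite["cipher"]])
    if suite["mac"] == "md5":
        out.append("MD5 MAC")
    return out


def audit(configured):
    """all-cipher-suites applies only when no specific cipher is configured."""
    specific = [n for n in configured if n != "all-cipher-suites"]
    if not specific:
        return {"all-cipher-suites": ["every supported suite is offered, in table order"]}
    return {n: findings(n) for n in specific}


if __name__ == "__main__":
    # Constructed sample; the last two names are illustrative, not from Table 4-1.
    sample = ["rsa-with-3des-ede-cbc-sha", "rsa-with-rc4-128-md5",
              "dh-anon-with-des-cbc-sha", "rsa-export-with-rc4-40-md5"]
    for name, issues in audit(sample).items():
        print(f"{name:32} {'; '.join(issues) or 'no finding'}")
```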