CSM-S SSL Proxy, SSL version

lewisx_2
Level 1

I believe I read that the CSM-S can only handle SSL v1 for an SSL proxy... Is that true?

We would like to be utilizing SSL v.3, is the only option passthrough?

Anyone know the timeline until SSLv3 is available via the proxy solution?

Appreciated.

Accepted Solutions

Diego Vargas
Cisco Employee

Hi,

I think there is some confusion about the SSL versions. There is no SSLv1; actually there is SSLv2 and SSLv3 and the standard called TLSv1 (pretty much the same as SSLv3).

The CSM-S is not able to terminate SSLv2 but it can forward it to a server that does.

As for SSLv3 and TLS the CSM-S should handle it with no issues:

Check this about SSLv2 (from Cisco documents):

"The SSL daughter card is not able to terminate SSL version 2.0 (SSLv2) connections. However, you can configure the SSL daughter card to forward SSLv2 connections to another server by entering the sslv2 keyword at the server command. When you configure the SSLv2 server IP address, the SSL daughter card transparently forwards all SSLv2 connections to that server. If you require SSLv2 forwarding, you need to configure the SSLv2 server IP address in addition to the IP address of the server that is used for offloading SSL version 3.0 or Transport Layer Security (TLS) version 1.0 connections."

Taken from:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csms/2.1.1/configuration/guide/ssl_srvc.html#wp1051760

Hope it helps!!

Diego M
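
The distinction the answer draws between SSLv2 and SSLv3/TLS 1.0 connections is visible in the first bytes a client sends. The sketch below is an added example, not part of the reply or of Cisco's documentation: it classifies a ClientHello by its record framing and offered version, which helps when auditing captured traffic to see whether any client still needs an SSLv2 server. The function names and sample byte strings are constructed for illustration.

```python
# Added example: classify the first bytes of a connection as an SSLv2-framed
# or SSLv3/TLS-framed ClientHello. All sample byte strings are constructed.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def classify_client_hello(data: bytes):
    """Return (framing, offered_version) for the first bytes of a connection."""
    # SSLv2 record: 2-byte header with the high bit set, then
    # msg-type 0x01 (CLIENT-HELLO) and a 2-byte version.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        framing, ver = "sslv2-record", (data[3], data[4])
    # SSLv3/TLS record: type 0x16 (handshake), major version 3, 2-byte length,
    # handshake type 0x01 (ClientHello), 3-byte length, then client_version.
    elif len(data) >= 11 and data[0] == 0x16 and data[1] == 3 and data[5] == 0x01:
        framing, ver = "sslv3/tls-record", (data[9], data[10])
    else:
        return ("unknown", None)
    return (framing, VERSIONS.get(ver, "0x%02x%02x" % ver))

def only_speaks_sslv2(data: bytes) -> bool:
    """True when the hello is SSLv2-framed and offers nothing above SSLv2."""
    return classify_client_hello(data) == ("sslv2-record", "SSLv2")

def v2_hello(version: bytes) -> bytes:
    """Constructed SSLv2-framed CLIENT-HELLO: one cipher spec, 16-byte challenge."""
    body = (b"\x01" + version + b"\x00\x03" + b"\x00\x00" + b"\x00\x10"
            + b"\x01\x00\x80" + bytes(16))
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body

def v3_hello(version: bytes) -> bytes:
    """Constructed SSLv3/TLS-framed ClientHello: one suite, null compression."""
    body = version + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + version + len(handshake).to_bytes(2, "big") + handshake

SAMPLES = {
    "pure SSLv2 client": v2_hello(b"\x00\x02"),
    "v2-framed hello offering SSLv3": v2_hello(b"\x03\x00"),
    "SSLv3 client": v3_hello(b"\x03\x00"),
    "TLSv1.0 client": v3_hello(b"\x03\x01"),
    "plaintext HTTP": b"GET / HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_client_hello(raw), only_speaks_sslv2(raw))
```

Only the first sample is a client that offers nothing above SSLv2; the second uses SSLv2 framing but advertises SSLv3.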
