03-03-2008 12:53 PM
I believe I read that the CSM-S can only handle SSL v1 for a SSL proxy... Is that true?
We would like to be utilizing SSL v.3, is the only option passthrough?
Anyone know the timeline until SSLv3 is available via the proxy solution?
Appreciated.
Solved! Go to Solution.
03-03-2008 01:24 PM
Hi,
I think there is a confusion about the SSL versions. There is no SSLv1, actually there is SSLv2 and SSLv3 and the stardard called TLSv1 (pretty much the same as SSLv3)
The CSM-S is not able to terminate SSLv2 but it can forwarded toa server that does it.
As for SSLv3 and TLS the CSM-S should handle it with no issues:
Check this about SSLv2 (form Cisco documents):
"The SSL daughter card is not able to terminate SSL version 2.0 (SSLv2) connections. However, you can configure the SSL daughter card to forward SSLv2 connections to another server by entering the sslv2 keyword at the server command. When you configure the SSLv2 server IP address, the SSL daughter card transparently forwards all SSLv2 connections to that server. If you require SSLv2 forwarding, you need to configure the SSLv2 server IP address in addition to the IP address of the server that is used for offloading SSL version 3.0 or Transport Layer Security (TLS) version 1.0 connections."
Taken from:
Hope it helps!!
Diego M
03-03-2008 01:24 PM
Hi,
I think there is a confusion about the SSL versions. There is no SSLv1, actually there is SSLv2 and SSLv3 and the stardard called TLSv1 (pretty much the same as SSLv3)
The CSM-S is not able to terminate SSLv2 but it can forwarded toa server that does it.
As for SSLv3 and TLS the CSM-S should handle it with no issues:
Check this about SSLv2 (form Cisco documents):
"The SSL daughter card is not able to terminate SSL version 2.0 (SSLv2) connections. However, you can configure the SSL daughter card to forward SSLv2 connections to another server by entering the sslv2 keyword at the server command. When you configure the SSLv2 server IP address, the SSL daughter card transparently forwards all SSLv2 connections to that server. If you require SSLv2 forwarding, you need to configure the SSLv2 server IP address in addition to the IP address of the server that is used for offloading SSL version 3.0 or Transport Layer Security (TLS) version 1.0 connections."
Taken from:
Hope it helps!!
Diego M
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide