
CSM: supported SSL cipher-suites

ppokrovsky
Level 1

Hello.

According to documentation, CSM supports all available SSL cipher-suites except NULL-suites (e.g. RSA_WITH_NULL_MD5, RSA_WITH_NULL_SHA).

We intend to use null-suites for authentication purposes and we don't need encryption in SSL because IPSec VPN is implemented.

Could you please tell if CSM supports SSL NULL-suites? Thank you.

4 Replies

smalkeric
Level 6

No. CSM does not support SSL null suites. Why would you require CSM to support null suites? What exactly is the problem that you are facing?

The problem exactly is that we have already deployed IPSEC VPN and thus we don't need double encryption (with SSL), but still we don't use IPSEC AH for authentication purposes (only ESP). We also want to use X.509 certificates for server authentication, so we intend to use SSL-terminators for that purpose (SSL handshake is bound strictly to null cipher-suites).

Summary from above: IPSEC-terminators for encryption, SSL-terminators for authentication.

Our local Cisco representative has informed us that CSS 11000 SCA2 supports null-encryption.

We do not sell SCA anymore.

http://www.cisco.com/en/US/products/hw/contnetw/ps2083/prod_eol_notice0900aecd801cbd19.html

"The last day to order the Cisco SCA 11000 Series and Cisco SCA2 11000 Series secure content accelerators is June 17, 2005."

Could you then do encryption with the SSL module and find a way to not-encrypt HTTPS traffic with IPsec?

Gilles.

Gilles,

Nope, we can't, due to legal issues with encryption algorithms and standards.
