CSS SSL questions

stuart.christie
Level 1

Hi,

I've got a couple of questions relating to CSS SSL termination which hopefully someone can help with:

- Is it possible to terminate an SSL connection on the CSS, pass the session through a cache engine/reverse proxy for content checking, then back to the CSS for re-encryption and delivery to the backend HTTPS web server farm?

- When SSL bridging (from HTTPS to HTTPS), does the CSS aggregate several requests before passing them on to the web servers, or is there no real performance gain from the web server point of view?

Thanks

Stuart

5 Replies

Gilles Dufour
Cisco Employee

1. Yes, you can send the traffic to a cache once decrypted, and the request from the cache to the webserver can be encrypted by the CSS.

2. Requests are not aggregated.

For 1 & 2 you need an SSL module.

The CSS by default does not do SSL functions.

Regards,

Gilles.

Hi Gilles,

I have a follow-up question to your response, and thanks in advance for your response.

1. SSL aggregation with the SSL Module on the CSS 11503.

Is there a ratio by which we can control the backend SSL connection between the module and the real server?

2. How does the aggregation basically happen? (I guess what I mean is: how do the TCP sessions get aggregated using, say, one SSL tunnel, and how is the session information maintained when aggregating?)

Thanks again and would appreciate your help.

Best regards,

Murali

As I mentioned in my previous response, we do not do aggregation.

Every connection received by the CSS will trigger a connection with the server.

Regards,

Gilles.

Hi Gilles,

Thanks for the response. I think I misunderstood your initial response.

Will increasing the SSL session cache-time accelerate the backend server (meaning fewer SSL calculations), and are there any real-world drawbacks?

TIA.

Murali

Murali,

You do not reduce SSL calculations by increasing the cache-time.

You just speed up the SSL handshake, which is just a fraction of the time needed to send/receive data.

If you have a lot of short connections, this is indeed interesting.

If you have long-lasting connections, this is useless.

The drawback is the resources available.

If you have a timeout value that is too high and are getting a lot of connections, you can end up with no more memory.

Gilles.
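
To put numbers on the trade-off described in the last reply, here is an added example (not from the thread and not Cisco's implementation): a small simulation of a server-side SSL session cache under a constructed workload. It assumes a session's lifetime runs from its full handshake and is not renewed on resumption; the workload, client counts and function names are made up for illustration.

```python
import heapq

def simulate(events, cache_time):
    """Replay (time_s, client_id) events against a session cache.

    Counts full vs. resumed handshakes and the peak number of cached
    sessions (a stand-in for memory use). Only the handshake type is
    modelled; bulk encryption of the data is unaffected by the cache.
    """
    cache = {}    # client_id -> expiry time of its cached session
    expiries = [] # min-heap of (expiry, client_id) for eviction
    full = resumed = peak = 0
    for t, cid in events:
        # Drop every session whose cache-time has elapsed.
        while expiries and expiries[0][0] <= t:
            exp, c = heapq.heappop(expiries)
            if cache.get(c) == exp:
                del cache[c]
        if cid in cache:
            resumed += 1  # abbreviated handshake, no new cache entry
        else:
            full += 1     # full handshake, session is cached
            cache[cid] = t + cache_time
            heapq.heappush(expiries, (t + cache_time, cid))
        peak = max(peak, len(cache))
    return {"full": full, "resumed": resumed, "peak_entries": peak}

def constructed_workload():
    """Constructed one-hour sample: 50 clients that reconnect every
    120 s (short connections) plus one never-returning client per second."""
    events = []
    for c in range(50):
        for k in range(30):
            events.append((c + 120 * k, f"ret-{c}"))
    for s in range(3600):
        events.append((s + 0.5, f"once-{s}"))
    events.sort()
    return events

if __name__ == "__main__":
    workload = constructed_workload()
    for cache_time in (60, 300, 3600):
        print(cache_time, simulate(workload, cache_time))
```

In this constructed workload, raising the cache-time from 60 s to 3600 s turns most reconnects from the returning clients into resumed handshakes, while the number of cached sessions grows with every one-off client that never comes back.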