Does the CSS support TLS termination

attendacco · ‎06-16-2005

I would like to use the CSS to termninate SMTP TLS connections. In the cisco documentation in mentions that the CSS supports TLS version 1. However there is no documentation of configuration etc. Can anyone explain how this works on the CSS or if I will need another device like the SCA?

Gilles Dufour · ‎06-16-2005

you need another device or a specific module on the CSS to terminate TLS/SSL.

This module is called CSS5-SSL and only exist for CSS11503 and CSS11506.

If you do not have one of these CSS you can't terminate SSL on the CSS.

You could have used an SCA but the SCA is end-of-sale so it will be difficult to find one and you won't get support for it.

Regards,

Gilles.

attendacco · ‎06-16-2005

thank you for the reply... I know that you need to use an SSL module to terminate SSL connections. We currently have many clients that terminate SSL but none that use it for TLS.

I just couldn't find documentation how the CSS SSL module handles TLS. The only reference to TLS is that it supports TLS version 1 and there is information on how to change the ssl version to TLS but nothing else.

IS there any other documentation on this or is it as simple as configuring the CSS as you would for SSL with ssl-proxy-lists and specifying ssl-server rsakeys, vips and cipher suites and letting the SSL module do everything?

Gilles Dufour · ‎06-20-2005

if you have a working config for ssl, you don't need to add anything for TLS. It will work as well.

Gilles.