SSL TCL Probe Script

carlsond · ‎06-22-2005

I am using the SSL probe script that Cisco provides. I would like to modify the script to send a "close connection" command to the server rather than just closing the socket on the CSM and leaving the server "hanging". Does anyone have any ideas on how to accomplish this?

Gilles Dufour · ‎06-22-2005

the CSM will close the connection using a RESET.

It does not leave the connection open.

If your server is not happy about the RESET, you can create a script and close the connection with a FIN using the graceful socket option.

I would recommend the following 2 links.

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_tech_note09186a00802c1155.shtml

http://www.cisco.com/en/US/products/hw/switches/ps708/module_installation_and_configuration_guides_chapter09186a00802003ba.html

Finally, from the software download center you can download the Cisco TCL script.

Get them and use them to create your own script.

Gilles.

carlsond · ‎06-28-2005

I followed the documentation and replaced the "close $sock" command with "set $sock [ socket -graceful $ip $port ]". I'm using the quotes to seperate the command I did not actually use them in the script.

The script seems to be running ok, it's returning an exit status of 5000 but I'm still getting the following error on the Apache server.

[28/Jun/2005 13:56:36 00898] [error] SSL call to NZ function nzos_Handshake failed with error 28864 (server login.it-test.world.abc.com:443, client 10.249.177.1)

[28/Jun/2005 13:56:36 00898] [error] SSL IO error [Hint: the client stop the connection unexpectedly]

Any ideas??

carlsond · ‎07-19-2005

I have been told that TCL is not supported and the function is probably broke. Nice! :-(