CSM-S SSL Proxy, SSL version

Answered Question
Mar 3rd, 2008

I believe I read that the CSM-S can only handle SSL v1 for an SSL proxy... Is that true?


We would like to be utilizing SSL v.3, is the only option passthrough?


Anyone know the timeline until SSLv3 is available via the proxy solution?


Appreciated.

Correct Answer
Diego Vargas Mon, 03/03/2008 - 13:24
User Badges: Cisco Employee

Hi,


I think there is some confusion about the SSL versions. There is no SSLv1; actually there are SSLv2 and SSLv3 and the standard called TLSv1 (pretty much the same as SSLv3).


The CSM-S is not able to terminate SSLv2, but it can forward it to a server that does.


As for SSLv3 and TLS, the CSM-S should handle them with no issues.


Check this about SSLv2 (from Cisco documents):


"The SSL daughter card is not able to terminate SSL version 2.0 (SSLv2) connections. However, you can configure the SSL daughter card to forward SSLv2 connections to another server by entering the sslv2 keyword at the server command. When you configure the SSLv2 server IP address, the SSL daughter card transparently forwards all SSLv2 connections to that server. If you require SSLv2 forwarding, you need to configure the SSLv2 server IP address in addition to the IP address of the server that is used for offloading SSL version 3.0 or Transport Layer Security (TLS) version 1.0 connections."


Taken from:


http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csms/2.1.1/configuration/guide/ssl_srvc.html#wp1051760


Hope it helps!!


Diego M
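
As an added illustration (not part of the answer above and not Cisco's code): the SSLv2 versus SSLv3/TLS 1.0 distinction that the quoted documentation relies on is visible in the first bytes a client sends. This Python example classifies a ClientHello by wire format and offered version; the function name and the sample byte strings are constructed for the example, and how the CSM-S itself makes this decision is not stated on the page.

```python
import struct

# (major, minor) version numbers for the protocols named in the thread.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0"}


def classify_client_hello(data: bytes) -> dict:
    """Classify the first bytes a client sends on a new connection.

    Returns the hello format ("sslv2" or "sslv3/tls") and the version the
    client offers; raises ValueError if the bytes are neither.
    """
    if len(data) < 3:
        raise ValueError("need at least 3 bytes")
    # SSLv2: 2-byte header with the high bit set, message type 1
    # (CLIENT-HELLO), then the 2-byte version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        if len(data) < 5:
            raise ValueError("truncated SSLv2 hello")
        length = struct.unpack(">H", data[:2])[0] & 0x7FFF
        version = (data[3], data[4])
        fmt = "sslv2"
    # SSLv3/TLS: content type 22 (handshake), record version, 2-byte length,
    # handshake type 1 (ClientHello), 3-byte length, then client_version.
    elif data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("not a complete SSLv3/TLS ClientHello header")
        length = struct.unpack(">H", data[3:5])[0]
        version = (data[9], data[10])
        fmt = "sslv3/tls"
    else:
        raise ValueError("not an SSL/TLS ClientHello")
    return {
        "format": fmt,
        "record_length": length,
        "offered": VERSIONS.get(version, "unknown %d.%d" % version),
        # A v2-format hello offering 3.x is a compatibility hello, not pure SSLv2.
        "v2_only": fmt == "sslv2" and version == (0, 2),
    }


# Constructed sample headers (not captured traffic).
PURE_V2 = bytes([0x80, 0x2E, 0x01, 0x00, 0x02]) + bytes(0x2E - 3)
V2_COMPAT = bytes([0x80, 0x2E, 0x01, 0x03, 0x01]) + bytes(0x2E - 3)
TLS10 = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x01])

if __name__ == "__main__":
    for name, sample in [("pure v2", PURE_V2), ("v2-compat", V2_COMPAT), ("tls1.0", TLS10)]:
        print(name, classify_client_hello(sample))
```

The `v2_only` flag separates a client that can speak nothing newer than SSLv2 from one that merely uses the older hello format while offering SSLv3 or TLS 1.0.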
