CSS SSL module sending TLSv1 type 21 errors

Unanswered Question
Mar 19th, 2009

I have a CSS 11503, version 8.02, with an SSL module. The CSS takes the SSL data, decrypts it, passes it back to the servers, and encrypts it before handing it back to the clients.

Users were complaining of latency so I setup a sniffer. I am finding TLSv1 encrypted alerts that are type 21. I also see tons of retransmits. I have check the physically layer roughly a million times and am not seeing anything to indicate a layer one problem.

Any idea what is going on? Or...is there a way to dump the errors from the CSS before they get encrypted onto the wire?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kristyorr Wed, 10/20/2010 - 17:39

There was a bug in the IOS of the 2950 switch the CSS was connected to.  Finally found it by noticing the high number on the input queues for the

attached switchports.

ewood@lighthous... Wed, 08/08/2012 - 09:26

Hi Kristy, I know this was a while back for you, but I think I am seeing the same issue. Do you happen to remember what version of IOS you had to install to resolve the bug?

Actions

This Discussion