Cisco Support Community
New Member

CSM-S SSL Proxy, SSL version

I believe I read that the CSM-S can only handle SSL v1 for an SSL proxy... Is that true?

We would like to be utilizing SSL v.3, is the only option passthrough?

Anyone know the timeline until SSLv3 is available via the proxy solution?

Appreciated.

Accepted Solutions
Cisco Employee

Re: CSM-S SSL Proxy, SSL version

Hi,

I think there is some confusion about the SSL versions. There is no SSLv1; actually there are SSLv2 and SSLv3 and the standard called TLSv1 (pretty much the same as SSLv3).

The CSM-S is not able to terminate SSLv2, but it can forward it to a server that does.

As for SSLv3 and TLS, the CSM-S should handle them with no issues.

Check this about SSLv2 (from Cisco documents):

"The SSL daughter card is not able to terminate SSL version 2.0 (SSLv2) connections. However, you can configure the SSL daughter card to forward SSLv2 connections to another server by entering the sslv2 keyword at the server command. When you configure the SSLv2 server IP address, the SSL daughter card transparently forwards all SSLv2 connections to that server. If you require SSLv2 forwarding, you need to configure the SSLv2 server IP address in addition to the IP address of the server that is used for offloading SSL version 3.0 or Transport Layer Security (TLS) version 1.0 connections."

Taken from:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csms/2.1.1/configuration/guide/ssl_srvc.html#wp1051760

Hope it helps!!

Diego M
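The answer above separates SSLv2 connections (forwarded) from SSLv3/TLS 1.0 connections (offloaded). As an added example that is not part of the thread or of Cisco's documentation, and not a description of the CSM-S internals, this Python sketch shows how the two can be told apart from the first bytes a client sends. The function names are hypothetical and the sample hellos are constructed.

```python
import struct

# Wire versions named in the thread, keyed by (major, minor).
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0"}

def classify_client_hello(data: bytes) -> dict:
    """Return the framing and offered version of a client's first bytes."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes to classify")
    # SSLv3/TLS record: type 0x16 (handshake), major version 3, minor, length.
    if data[0] == 0x16 and data[1] == 3:
        # Handshake header: msg type (1 byte), length (3), client_version (2).
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("handshake record is not a ClientHello")
        offered = (data[9], data[10])
        return {"framing": "sslv3/tls", "offered": VERSIONS.get(offered, "unknown")}
    # SSLv2 record: 2-byte length with the high bit set, then message
    # type 1 (CLIENT-HELLO) and the 2-byte version.
    if data[0] & 0x80 and data[2] == 0x01:
        offered = (data[3], data[4])
        return {"framing": "sslv2", "offered": VERSIONS.get(offered, "unknown")}
    raise ValueError("not an SSL/TLS ClientHello")

def sslv2_hello(version: tuple) -> bytes:
    """Constructed sample: SSLv2-framed CLIENT-HELLO with one cipher spec."""
    body = struct.pack(">BBBHHH", 1, version[0], version[1], 3, 0, 16)
    body += b"\x01\x00\x80" + bytes(16)   # one cipher spec + 16-byte challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def tls_hello(version: tuple) -> bytes:
    """Constructed sample: SSLv3/TLS-framed ClientHello with one cipher suite."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, hello in [("SSLv2 client", sslv2_hello((0, 2))),
                        ("v2-framed hello offering SSLv3", sslv2_hello((3, 0))),
                        ("TLSv1.0 client", tls_hello((3, 1)))]:
        print(name, "->", classify_client_hello(hello))
```

The second sample is the case to watch when auditing clients: an SSLv2-framed hello can still offer SSLv3, so framing alone does not tell you which protocol the client will end up speaking.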
