Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSM: supported SSL cypher-cuites


According to documentation, CSM support all available SSL cipher-suites except NULL-suites (e.g. RSA_WITH_NULL_MD5, RSA_WITH_NULL_SHA).

We intend to use null-suites for authentication purposes and we don't need encryption in SSL because IPSec VPN is implemented.

Could you please tell if CSM supports SSL NULL-suites? Thank you.


Re: CSM: supported SSL cypher-cuites

No. CSM does not support SSL null suites. Why would you require CSM to support null suites. What exactly is the problem that you are facing?

New Member

Re: CSM: supported SSL cypher-cuites

The problem exactly is that we have already deployed IPSEC VPN and thus we don't need double encryption (with SSL), but still we don't use IPSEC AH for authentication purposes (only ESP). We also want to use X.509 certificates for server authentication, so we intend to use SSL-terminators for that purpose (SSL handshake is bound stricty to null cipher-suites).

Summary from above: IPSEC-terminators for encryption, SSL-terminators for authentication.

Our local CISCO representative has informed us, that CSS 11000 SCA2 supports null-encryption.

Cisco Employee

Re: CSM: supported SSL cypher-cuites

we do not sell sca anymore.

"The last day to order the Cisco SCA 11000 Series and Cisco SCA2 11000 Series secure content accelerators is June 17, 2005."

Could you then do encryption with the ssl module and find a way to not-encrypt https traffic with ipsec.


New Member

Re: CSM: supported SSL cypher-cuites


Nope, we can't do due to legal issues with encryption algorithms and standards.

CreatePlease login to create content