Cisco Support Community

New Member

CSS/SSL termination - cypher negotiation Q

Hi everyone

question regarding SSL termination on CSS/SSL module.

I have several cyphers in my ssl-proxy list,

What is the algorithm to choose the cypher ?

I may assume that CSS and browser negotiate it during SSL session establishing.

The testing shows that the same browser gets different cyphers when it hits different CSSs (cyphers are in the same order in proxy-lists on CSSs)

Thanks

Alex

2 REPLIES
Cisco Employee

Re: CSS/SSL termination - cypher negotiation Q

Alex,

it's not really an algorithm.

The browser selects the first cipher that matches its requirements in the list presented by the server/CSS.

The CSS builds a list in the order of weight.

If you did not specify any weight, the list can be random depending on which order you entered the command.

I would say, if you want a specific cipher to be selected, use the highest weight for this cipher.

Gilles.

New Member

Re: CSS/SSL termination - cypher negotiation Q

Thanks Gilles,

this is exactly what I am looking for,

I missed it in docs

regards,

Alex
