Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SSL module - incorrect ssl-hello timestamp

We have several ssl modules in a Cat 6500. They are all synched to ntp ok as is the Cat itself.

However, sniffing sessions, the ssl server hellos from the modules are not showing a correct time.

Some show an unresolvable unix time and some show 1970's type time (i.e. looking at if time is a 'default')

I do have periodic (every 24hr) client ssl negotiation issues but not all sessions are affected.

Is the lack of a 'good' time in the ssl server hello an issue which would explain periodic client problems or is this a red herring ?

  • Application Networking
3 REPLIES
Silver

Re: SSL module - incorrect ssl-hello timestamp

Are you sure that the NTP server is configured correctly and is working as expected. Are the other devices showing the correct value for timestamps. What is the firmware running on the Cat switches?

Cisco Employee

Re: SSL module - incorrect ssl-hello timestamp

I don't think the timestamp has anything to do with your issue.

In my lab, some devices have the correct time, some are far off and there is no issue.

I would suggest to play with sniffer trace and try to capture the problem.

Capture frequent show tech as well so we can try to locate some anomalies.

Gilles.

New Member

Re: SSL module - incorrect ssl-hello timestamp

Thanks Gilles. Good to know you have wrong timestamps too with no issues. I was attracted to the timestamp because the issue is intermittent with a 24 hour periodicity.

I've looked at sniffer traces and do see ssl malformed packets as well but these occur on 'good' and 'bad' sessions. So think this is a red herring as well.

Show tech shows absolutely nothing obviously odd but will try to get more.

275
Views
0
Helpful
3
Replies