Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Security impact of disabling SSL closure alerts on content switch?

Hi: I am some troubleshooting application issues at the SSL layer. Based on some known IE bugs and Cisco workarounds for the Content Switch with SSL accelerator, we are planning to disable the

functionality where the content switch does not send SSL Closure alerts.

Wondering if anyone out there have any thoughts on if this (disabling SSL Closure Alerts at server) will have any impacts and/or if there are any security vulnerabilities?

Thanks

Ravi

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: Security impact of disabling SSL closure alerts on content s

For the CSM = "close-protocol none" tells the SSL module not

to send the SSL close-notify alert while closing the connection.

One of the ramifications of this could be that client IE browser might

not negotiate the resumed SSL session for the subsequent ssl

conenction..

This does not harm the functionality, might result in degraded

performance since SSL module will have to establish more new sessions

instead of resumed session.

1 REPLY
Silver

Re: Security impact of disabling SSL closure alerts on content s

For the CSM = "close-protocol none" tells the SSL module not

to send the SSL close-notify alert while closing the connection.

One of the ramifications of this could be that client IE browser might

not negotiate the resumed SSL session for the subsequent ssl

conenction..

This does not harm the functionality, might result in degraded

performance since SSL module will have to establish more new sessions

instead of resumed session.

96
Views
0
Helpful
1
Replies
CreatePlease login to create content