User Guide for the Cisco Application Networking Manager 5.2, OL-26572-01, page 11-19
Chapter 11 Configuring SSL
Configuring SSL Parameter Maps

Table 11-9 SSL Parameter Map Attributes (continued)

Field: Session Cache Timeout (Milliseconds)
Description: Timeout value of an SSL session ID to remain valid before the ACE requires the full SSL handshake to establish a new SSL session. This feature allows the ACE to reuse the master key on subsequent connections with the client, which can speed up the SSL negotiation process. Valid entries are 0 to 72000 milliseconds. Specifying a value of 0 causes the ACE to implement a least recently used (LRU) timeout policy. By disabling this option (with the no command), the full SSL handshake occurs for each new connection with the ACE module.

Field: Reject Expired CRL Certificates
Description: Check box that instructs the ACE to reject any certificates listed on an expired CRL. Uncheck the check box to instruct the ACE to accept certificates listed on an expired CRL, which is the default setting.

Field: Close Protocol Behavior
Description: Method that the ACE uses to close the SSL connection:
- Disabled—The ACE sends a close-notify alert message to the SSL peer; however, the SSL peer does not expect a close-notify alert before removing the session. Whether the SSL peer sends a close-notify alert message or not, the session information is preserved, allowing session resumption for future SSL connections.
- None—The ACE does not send a close-notify alert message to the SSL peer, nor does the ACE expect a close-notify alert message from the peer. The ACE preserves the session information so that SSL resumption can be used for future SSL connections. This is the default.
Note: Where ACE 1.0 is already configured with the Strict option, ANM interprets it as the option None. This is due to the change in ACE 1.0 configuration (which no longer allows the Strict option).

Field: SSL Version
Description: Version of SSL to be used during SSL communications:
- All—The ACE uses both SSL v3 and TLS v1 in its communications with its SSL peer.
- SSL3—The ACE uses only SSL v3 in its communications with its SSL peer.
- TLS1—The ACE uses only TLS v1 in its communications with its SSL peer.
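An added example, not from the Cisco guide: a Python check that reads ACE configuration text and reports which SSL parameter maps permit SSL v3, accept certificates listed on an expired CRL, or carry a session cache timeout outside the valid range given in the table. The CLI keywords (`parameter-map type ssl`, `version`, `expired-crl reject`, `close-protocol`, `session-cache timeout`) and the sample configuration are assumptions, since this page documents only the ANM fields.

```python
import re

# Constructed sample running-config (not from the guide). The CLI keywords are
# assumed command-line counterparts of the ANM fields in Table 11-9.
SAMPLE_CONFIG = """\
parameter-map type ssl PM_LEGACY
  version all
  session-cache timeout 90000
parameter-map type ssl PM_TIGHT
  version tls1
  expired-crl reject
  close-protocol disabled
  session-cache timeout 0
policy-map multi-match CLIENT_VIPS
  class VIP_HTTPS
"""

HEADER = re.compile(r"^parameter-map type ssl (\S+)\s*$")

def parse_ssl_parameter_maps(config_text):
    """Return {map name: {keyword: rest of line}} for each SSL parameter map."""
    maps, current = {}, None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = maps.setdefault(header.group(1), {})
        elif current is not None and line[:1].isspace() and line.strip():
            keyword, _, rest = line.strip().partition(" ")
            current[keyword] = rest
        else:
            current = None  # any other top-level line closes the block
    return maps

def audit_map(opts):
    """Apply the Table 11-9 field semantics to one parsed parameter map."""
    findings = []
    # An unset version is not flagged: the table does not state its default.
    if opts.get("version") in ("all", "ssl3"):
        findings.append("warn: SSL v3 is permitted")
    if opts.get("expired-crl") != "reject":
        findings.append("warn: certificates listed on an expired CRL are accepted")
    timeout = opts.get("session-cache", "").split()
    if not timeout:
        findings.append("info: no session cache, full handshake per connection")
    elif len(timeout) != 2 or not timeout[1].isdigit() or int(timeout[1]) > 72000:
        findings.append("warn: session cache timeout outside 0 to 72000")
    elif int(timeout[1]) == 0:
        findings.append("info: session cache uses LRU eviction")
    return findings

def audit_config(config_text):
    return {n: audit_map(o) for n, o in parse_ssl_parameter_maps(config_text).items()}
```

Calling `audit_config()` on an exported configuration returns a dictionary keyed by parameter map name, so maps with `warn:` entries can be reviewed first.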