14-92

User

Guide

for

the

Cisco

Application

Networking

Manager

5.2

OL-26572-01

Chapter

14

Configuring

Traffic

Policies

Configuring

Actions

Lists

CipherKey

Field

that

appears

only

when

the

Request

field

is

set

to

Session.

Indicate

the

following

session

parameters

to

insert

into

the

HTTP

request:

•

Cipher-Key-Size—Symmetric

cipher

key

size.

•

Cipher-Name—Symmetric

cipher

suite

name.

•

Cipher-Use-Size—Symmetric

cipher

use

size.

•

Id—SSL

Session

ID.

The

default

is

0.

•

Protocol-Version—Version

of

SSL

or

TLS.

•

Step-Up—Use

of

SGC

or

StepUp

cryptography

to

increase

the

level

of

security

by

using

128-bit

encryption.

•

Ve

r

i

f

y

-

R

e

s

u

l

t

—SSL

session

verify

result.

Possible

values

are

as

follows:

–

ok—The

SSL

sessi

on

is

es

tablished.

–

certificate

is

not

yet

valid—The

client

certificate

is

not

yet

valid.

–

certificate

is

expired—The

client

certificate

has

expired.

–

bad

key

size—The

cl

ient

certificate

has

a

bad

key

size.

–

invalid

not

before

field—The

client

certificate

notBefore

field

is

in

an

unrecognized

format.

–

invalid

not

after

field—The

client

certificate

notAfter

field

is

in

an

unrecognized

format.

–

certificate

has

unknown

i

ssuer—The

client

certificate

i

ssuer

is

unknown.

–

certificate

has

bad

signature—The

client

certificate

contains

a

bad

signature.

–

certificate

has

bad

leaf

signature—The

client

certificate

contains

a

bad

leaf

signature.

–

unable

to

decode

issuer

public

key—The

ACE

is

unable

to

decode

the

issuer

public

key.

–

unsupported

certificate—The

client

certificate

is

not

supported.

–

certificate

revoked—

The

client

certificate

has

been

revoked.

–

internal

error—An

internal

error

exists.

For

more

information,

see

the

Cisco

Application

Control

Engine

Module

SSL

Configuration

Guide.

Va

l

u

e

Field

that

appears

only

when

the

Request

field

is

set

to

either

Client-Certificate

or

Server-Certificate.

Choose

one

of

the

following

options:

•

N/A—Specifies

that

the

selected

algorithm

or

cipher

key

is

inserted

without

adding

a

prefix

to

it

or

renaming

it.

•

Prefix—Enables

you

to

specify

a

prefix

string

to

place

before

the

specified

certificate

or

session

field

name.

For

example,

if

you

specify

the

prefix

Acme-SSL

for

the

SSL

session

field

name

Cipher-Name,

then

the

field

name

becomes

Acme-SSL-Session-Cipher-Name.

•

Rename—Enables

you

to

specify

a

new

name

for

the

specified

certificate

or

session

field

name.

Prefix

Field

that

appears

only

when

the

Value

field

is

set

to

Prefix.

Enter

a

quoted

text

string

to

place

before

the

specified

certificate

or

session

field

name.

The

maximum

combined

number

of

prefix

st

ring

and

field

name

characters

that

the

ACE

permits

is

32.

Rename

Field

that

appears

only

when

the

Value

field

is

set

to

Rename.

Enter

a

new

name

to

the

specified

certificate

or

session

field

name.

The

name

must

be

an

unquoted

text

string

with

no

spaces.

The

maximum

number

of

field

name

string

characters

that

the

ACE

permits

is

32.

Table

14-37

SSL

Action

Configuration

Window

Fields

(continued)

Header

Action

Field

Description

/

Action