Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module Release Notes
5
Release Notes for Catalyst 6500 Series Switch SSL Services Module Software Release 2.x
OL-5277-13
Features in Software Release 1.1 Through 1.2
–
CISCO-SSL-PROXY-CAPABILITY
•
CiscoView Device Manager for Cisco Catalyst 6500 Series SSL SM 1.0 (CVDM-SSLSM)
CVDM-SSLSM enables users to easily configure Secure Socket Layer (SSL) services on their SSL
Services Module. It is a task-based tool that allows users to take advantage of the versatility of their
SSL Services Module. It offers configuration wizards based on best practices in tasks such as setting
up Trustpoints and proxy services.
Services Module. It is a task-based tool that allows users to take advantage of the versatility of their
SSL Services Module. It offers configuration wizards based on best practices in tasks such as setting
up Trustpoints and proxy services.
To access all CiscoView Device Manager documentation, go to this URL:
Features in Software Release 1.1 Through 1.2
For a complete list of features for SSL software releases 1.1 through 1.2, refer to the Release Notes for
Catalyst 6500 Series SSL Services Module Software Release 1.x at this URL:
Catalyst 6500 Series SSL Services Module Software Release 1.x at this URL:
New and Changed Information
This section describes new and changed information for all 2.1(x) software releases:
•
The ssl-proxy device-check interval msec reset-limit limit command is introduced. This command
is normally disabled (device check interval is 0). If the command is enabled, the SSLM checks the
crypto device at every interval for proper operation. If there are outstanding requests older than the
request interval, the crypto device is reset to return to operational status. A reset limit can also be
configured. If the reset limit is set to default (zero), there is no limit. If the reset limit is non zero,
the SSLM reboots if the device is reset for more than the reset-limit number of consecutive poll
intervals. The change is added in SSL software release 2.1(13). (CSCtj13900)
is normally disabled (device check interval is 0). If the command is enabled, the SSLM checks the
crypto device at every interval for proper operation. If there are outstanding requests older than the
request interval, the crypto device is reset to return to operational status. A reset limit can also be
configured. If the reset limit is set to default (zero), there is no limit. If the reset limit is non zero,
the SSLM reboots if the device is reset for more than the reset-limit number of consecutive poll
intervals. The change is added in SSL software release 2.1(13). (CSCtj13900)
•
The following new counters are introduced to the show ssl-proxy stats ssl command. The change is
added in SSL software release 2.1(13). (CSCti85702, CSCtj13900)
added in SSL software release 2.1(13). (CSCti85702, CSCtj13900)
Http headers removed: The number of headers removed.
Http header removal errs: The number of parse errors encountered while attempting to remove a
header.
header.
available ctx count: The number of free-request elements in the free pool. Under no-load
conditions, the available ctx count should be 64. Values less than 64 correspond to pending requests
for the crypto device.
conditions, the available ctx count should be 64. Values less than 64 correspond to pending requests
for the crypto device.
ctx cleanup count: The number of request elements that were made available by resetting the crypto
device.
device.
device reset count: The number of times the crypto device was reset.
•
The pre-remove-http-hdr option in the policy http-header command is introduced. This command
instructs the SSLM to remove HTTP headers from the requests received by the SSLM if the field
name exactly matches a header that the SSLM may insert. The header field names are:
instructs the SSLM to remove HTTP headers from the requests received by the SSLM if the field
name exactly matches a header that the SSLM may insert. The header field names are:
Client-IP
Client-Port
Session-Id
Session-Step-Up