Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module 發佈版本通知
11
Release Notes for Catalyst 6500 Series SSL Services Module Software Release 1.x
OL-3396-03
Open and Resolved Caveats in Software Release 1.2(1)
Open and Resolved Caveats in Software Release 1.2(1)
These sections describe open and resolved caveats in SSL software release 1.2(1):
•
•
Open Caveats in Release 1.2(1)
This section describes open caveats for the SSL Services Module software release 1.2(1).
•
When you save your configuration using the copy system:running-config nvram:startup-config
command with the /erase option, both the current and the backup buffers in NVRAM are erased
before the running configuration is saved into NVRAM. If a power failure or reboot occurs after the
buffers are erased but before the running configuration is saved, both configurations could be lost.
command with the /erase option, both the current and the backup buffers in NVRAM are erased
before the running configuration is saved into NVRAM. If a power failure or reboot occurs after the
buffers are erased but before the running configuration is saved, both configurations could be lost.
Workaround: Do not enter the /erase option. (CSCea90674)
Note
If you do not enter the /erase option, part of the old private configuration file might remain
in NVRAM.
in NVRAM.
•
When you upgrade the maintenance partition image to version 1.2(1) using the application partition
image version 1.2(1), an “upgrade failed” message might be displayed on the console. However, the
maintenance partition image upgrades successfully. (CSCin43421)
image version 1.2(1), an “upgrade failed” message might be displayed on the console. However, the
maintenance partition image upgrades successfully. (CSCin43421)
•
Importing a self-signed certificate with the key pair of the issuer is not supported by the IOS PKI
system. (CSCea48145)
system. (CSCea48145)
•
Windows 2000 certificate authorities occasionally reject certificate enrollment requests issued by
the SSL Services Module. The problem originated with the SCEP DLL, and is fixed on the .net
version of the certificate authority, but not on the Windows 2000 version.
the SSL Services Module. The problem originated with the SCEP DLL, and is fixed on the .net
version of the certificate authority, but not on the Windows 2000 version.
Workaround: Restart the certificate authority, and issue the enrollment request again.
(CSCea53069)
(CSCea53069)
•
When you run the cryptographic self-test, run-time performance is impacted. Run the self-test to
troubleshoot persistent failures in cryptographic operations. When you finish troubleshooting, stop
the test. If you run the cryptographic self-test continuously for more than three days, the system
could exhaust memory and fail to set up new connections or forward traffic under heavy loads.
troubleshoot persistent failures in cryptographic operations. When you finish troubleshooting, stop
the test. If you run the cryptographic self-test continuously for more than three days, the system
could exhaust memory and fail to set up new connections or forward traffic under heavy loads.
Workaround: Reboot the system to regain the memory. (CSCed39184)
•
If you attempt to upgrade the software image on an SSL Services Module through the main console
and with a Telnet session simultaneously, the upgrade may not succeed. (CSCdy87947)
and with a Telnet session simultaneously, the upgrade may not succeed. (CSCdy87947)
•
TACACS authentication is not supported in SSL Services Module. (CSCea76618)
•
If there is more than one level of certificate authority, only the lowest level certificate authority
trustpoint that is authenticated and enrolled is exported in PEM files.
trustpoint that is authenticated and enrolled is exported in PEM files.
Workaround: Export the enrolled trustpoint to a PKCS12 file. All levels of CA trustpoints in the
certificate chain will be automatically included in the same file. (CSCea75462)
certificate chain will be automatically included in the same file. (CSCea75462)
•
There is no help string for the test crypto pki self command, and the generated self-signed
certificate is not displayed by the show crypto ca certificate command. (CSCea50887)
certificate is not displayed by the show crypto ca certificate command. (CSCea50887)