Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module 發佈版本通知
13
Release Notes for Catalyst 6500 Series SSL Services Module Software Release 1.x
OL-3396-03
Open and Resolved Caveats in Software Release 1.1(1)
•
Do not configure the internal port Ethernet0/0. Any configuration on Ethernet0/0 results in
unexpected behavior of the SSL Services Module. (CSCdy72229)
unexpected behavior of the SSL Services Module. (CSCdy72229)
•
If you enter the clear arp command on the SSL Services Module, all the proxy services go down,
and then come up. (CSCdy77843)
and then come up. (CSCdy77843)
•
When query mode is configured, entering the no crypto ca certificate query command on the
running configuration does not stop the periodic polling for certificates. (CSCdy46075)
running configuration does not stop the periodic polling for certificates. (CSCdy46075)
•
When certificate query mode is configured, an “invalid input” message may be displayed on the
console following a fingerprint. This message is displayed when a certificate is read from NVRAM
on Cisco IOS reboot and does not indicate a real error condition. (CSCdy43112)
console following a fingerprint. This message is displayed when a certificate is read from NVRAM
on Cisco IOS reboot and does not indicate a real error condition. (CSCdy43112)
•
The exportable option in the crypto ca import trustpoint_label pem exportable terminal
passphrase command does not work. The key pair is not marked as exportable after the import
operation succeeds. (CSCed43692)
passphrase command does not work. The key pair is not marked as exportable after the import
operation succeeds. (CSCed43692)
Resolved Caveats in Release 1.2(1)
This section describes resolved caveats in SSL Services Module software release 1.2(1):
•
Cisco IOS software supports only 1-tiered or 2-tiered certificate authority hierarchies.
This problem is resolved in SSL software release 1.2(1). (CSCdy52285)
•
Cisco devices that run Cisco IOS software that contains support for the Secure Shell (SSH) server
are vulnerable to a denial of service (DoS) attack if the SSH server is enabled on the device.
are vulnerable to a denial of service (DoS) attack if the SSH server is enabled on the device.
This vulnerability is documented as Cisco caveat ID CSCdz60229. There are workarounds available
to mitigate the vulnerability. An advisory is posted at this URL:
to mitigate the vulnerability. An advisory is posted at this URL:
http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml
This problem is resolved in SSL software release 1.2(1). (CSCdz60229)
•
Copying a file from a remote server to the running-configuration file using secure file transfer (SCP)
sometimes fails with error 26 (internal error). This problem occurs when the remote server is
running the Linux operating system.
sometimes fails with error 26 (internal error). This problem occurs when the remote server is
running the Linux operating system.
Workaround: Use another file transfer method (FTP or TFTP).
This problem is resolved in SSL software release 1.2(1). (CSCdz15807)
•
If the certificate authority is not reachable during authentication, traceback messages are displayed.
Workaround: Verify that the certificate authority is reachable through the administrative VLAN
from the module before doing authentication or enrollment.
from the module before doing authentication or enrollment.
This problem is resolved in SSL software release 1.2(1). (CSCdx46916)
Open and Resolved Caveats in Software Release 1.1(1)
These sections describe open and resolved caveats in SSL software release 1.1(1):
•
•