System Security Command Reference Guide for Cisco NCS 6000 Routers
Secure Socket Layer Protocol Commands
Downloads: This chapterpdf (PDF - 1.24MB) The complete bookPDF (PDF - 3.34MB) | Feedback

Secure Socket Layer Protocol Commands

Secure Socket Layer Protocol Commands

This module describes the commands used to configure the Secure Socket Layer (SSL) protocol.

For detailed information about SSL concepts, configuration tasks, and examples, see the Implementing Secure Socket Layer on module in the System Security Configuration Guide for Cisco NCS 6000 Series Routers.

show ssl

To display active Secure Socket Layer (SSL) sessions, use the show ssl command.

show ssl [process-id]

Syntax Description

process-id

(Optional) Process ID (PID) of the SSL application. The range is from 1 to 1000000000.

Command Default

None

Command Modes

XR EXEC

Command History

Release

Modification

Release 5.0.0

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

To display a specific process, enter the process ID number. To get a specific process ID number, enter run pidin from the command line or from a shell.

The absence of any argument produces a display that shows all processes that are running SSL.

Task ID

Task ID

Operations

crypto

read

The following sample output is from the show ssl command:

RP/0/RP0/CPU0:router# show ssl

PID         Method      Type        Peer                Port    Cipher-Suite 
============================================================================

1261711     sslv3       Server      172.16.0.5          1296    DES-CBC3-SHA

This table describes the fields shown in the display.

Table 1 show ssl Field Descriptions

Field

Description

PID

Process ID of the SSL application.

Method

Protocol version (sslv2, sslv3, sslv23, or tlsv1).

Type

SSL client or server.

Peer

IP address of the SSL peer.

Port

Port number on which the SSL traffic is sent.

Cipher-Suite

Exact cipher suite chosen for the SSL traffic. The first portion indicates the encryption, the second portion the hash or integrity method. In the sample display, the encryption is Triple DES and the Integrity (message digest algorithm) is SHA.

Related Commands

Command

Description

run pidin

Displays the process ID for all processes that are running.