User's Manual

2-106
Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1
OL-7310-01
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
webvpn policy ssl
If you enter the timeout session timeout command without the absolute keyword, the specified timeout
becomes the maximum timeout, and a best effort is made to keep the session entry in the session cache.
If the session cache runs out of session entries, the session entry that is currently being used is removed
to make room for incoming new connections.
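The following model illustrates the best-effort semantics just described: a timeout that is only an upper bound, with entries evicted early when the cache fills. It is an added example, not Cisco code. Treating an entry configured with the absolute keyword as one that is never evicted before its timeout is an assumption made here for contrast (the page states only the behaviour without the keyword); the capacity, session ids and timestamps are constructed sample values.

```python
"""Model of the WebVPN session-cache timeout semantics (added example, not Cisco code).

Without the absolute keyword the configured timeout is a maximum lifetime:
an entry may be evicted earlier when the cache is full. With the keyword
this model assumes the entry is guaranteed to live for the whole timeout,
so a full cache refuses new entries instead of evicting one.
"""
from collections import OrderedDict


class SessionCache:
    def __init__(self, capacity: int, timeout: int, absolute: bool = False):
        self.capacity = capacity      # number of session entries (constructed value)
        self.timeout = timeout        # seconds; maximum lifetime of an entry
        self.absolute = absolute      # assumption: absolute entries are never evicted early
        self._entries = OrderedDict()  # session_id -> creation time, oldest first

    def _expire(self, now: int) -> None:
        """Drop entries that have reached the configured timeout."""
        for sid, created in list(self._entries.items()):
            if now - created >= self.timeout:
                del self._entries[sid]

    def add(self, session_id: bytes, now: int) -> bool:
        """Insert a new session entry; returns False if there was no room."""
        self._expire(now)
        if len(self._entries) >= self.capacity:
            if self.absolute:
                return False                    # guaranteed entries stay until timeout
            self._entries.popitem(last=False)   # best effort: evict the oldest entry
        self._entries[session_id] = now
        return True

    def resume(self, session_id: bytes, now: int) -> bool:
        """Return True if the session can still be resumed from the cache."""
        self._expire(now)
        return session_id in self._entries

    def size(self) -> int:
        return len(self._entries)


if __name__ == "__main__":
    cache = SessionCache(capacity=2, timeout=10)
    cache.add(b"sess-a", 0)
    cache.add(b"sess-b", 1)
    cache.add(b"sess-c", 2)       # cache full: sess-a is evicted before its timeout
    print("sess-a resumable:", cache.resume(b"sess-a", 3))
    print("sess-b resumable:", cache.resume(b"sess-b", 3))
```

The practical consequence for capacity planning is visible in the model: with a best-effort cache, a burst of new connections silently shortens the effective lifetime of older sessions, so a cache sized below the expected number of concurrent sessions forces full handshakes regardless of the configured timeout.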
When you enter the cert-req empty command, the WebVPN Services Module backend service always
returns the certificate associated with the trustpoint and does not look for a CA-name match. By default,
the WebVPN Services Module always looks for a CA-name match before returning the certificate. If
the SSL server does not include a CA-name list in the certificate request during client authentication, the
handshake fails.
By default, the WebVPN Services Module uses the maximum supported SSL protocol version (SSL2.0,
SSL3.0, TLS1.0) in the ClientHello message. Enter the tls-rollback [current | any] command if the SSL
client uses the negotiated version instead of the maximum supported version (as specified in the
ClientHello message).
When you enter the tls-rollback current command, the SSL protocol version can be either the maximum
supported version or the negotiated version.
When you enter the tls-rollback any command, the SSL protocol version is not checked at all.
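The three tls-rollback modes above decide how strictly the backend compares the protocol version a client repeats inside its RSA-encrypted premaster secret against the version the client offered in ClientHello; that comparison is what detects a downgrade of the negotiated version. The model below is an added example, not Cisco code: the mode names follow the command keywords on this page, while the 48-byte premaster layout with the client version in its first two bytes is the standard RSA key-exchange format, and the handshake values are constructed sample inputs.

```python
"""Model of the tls-rollback check modes (added example, not Cisco code).

strict  : default on the page; only the ClientHello version is accepted.
current : the ClientHello version or the negotiated version is accepted,
          which tolerates clients that fill in the negotiated version.
any     : the version field is not checked at all.
"""
from dataclasses import dataclass

SSL2_0 = (2, 0)
SSL3_0 = (3, 0)
TLS1_0 = (3, 1)


@dataclass(frozen=True)
class Handshake:
    client_hello_version: tuple  # maximum version the client offered
    negotiated_version: tuple    # version the server selected
    premaster_version: tuple     # version field found in the decrypted premaster secret


def parse_premaster_version(premaster: bytes) -> tuple:
    """Extract client_version from a 48-byte RSA premaster secret (major, minor)."""
    if len(premaster) != 48:
        raise ValueError("premaster secret must be 48 bytes")
    return (premaster[0], premaster[1])


def premaster_version_ok(hs: Handshake, mode: str = "strict") -> bool:
    """Return True if the handshake passes the rollback check under the given mode."""
    if mode == "any":
        return True
    accepted = {hs.client_hello_version}
    if mode == "current":
        accepted.add(hs.negotiated_version)
    elif mode != "strict":
        raise ValueError(f"unknown tls-rollback mode {mode!r}")
    return hs.premaster_version in accepted


# Constructed sample handshakes.
CONFORMING = Handshake(TLS1_0, SSL3_0, TLS1_0)   # client repeats its ClientHello version
NEGOTIATED = Handshake(TLS1_0, SSL3_0, SSL3_0)   # client repeats the negotiated version instead
ROLLED_BACK = Handshake(TLS1_0, SSL3_0, SSL2_0)  # version matches neither: treat as a downgrade


def report(hs: Handshake) -> dict:
    """Evaluate one handshake under all three modes."""
    return {mode: premaster_version_ok(hs, mode) for mode in ("strict", "current", "any")}


if __name__ == "__main__":
    for name, hs in (("conforming", CONFORMING), ("negotiated", NEGOTIATED), ("rolled back", ROLLED_BACK)):
        print(f"{name:12s} {report(hs)}")
```

The point worth noting from the model is the difference between the two relaxations: tls-rollback current still rejects a premaster version that matches neither the offered nor the negotiated version, whereas tls-rollback any accepts it, so any should be reserved for clients that are known to send an unrelated value.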
Examples
This example shows how to enter the SSL-policy configuration submode:
wwbvpn(config)# webvpn policy ssl sslpl1
wwbvpn(config-ssl-policy)#
This example shows how to define the cipher suites that are supported for the SSL-policy:
wwbvpn(config-ssl-policy)# cipher RSA_WITH_3DES_EDE_CBC_SHA
wwbvpn(config-ssl-policy)#
This example shows how to enable the SSL session closing protocol:
wwbvpn(config-ssl-policy)# close-protocol enable
wwbvpn(config-ssl-policy)#
This example shows how to disable the SSL session closing protocol:
wwbvpn(config-ssl-policy)# no close-protocol enable
wwbvpn(config-ssl-policy)#
These examples show how to set a specific command to its default setting:
wwbvpn(config-ssl-policy)# default cipher
wwbvpn(config-ssl-policy)# default close-protocol
wwbvpn(config-ssl-policy)# default session-cache
wwbvpn(config-ssl-policy)# default version
wwbvpn(config-ssl-policy)#
This example shows how to enable session-cache:
wwbvpn(config-ssl-policy)# session-cache enable
wwbvpn(config-ssl-policy)#
This example shows how to disable session-cache:
wwbvpn(config-ssl-policy)# no session-cache enable
wwbvpn(config-ssl-policy)#