Support for Intel Coleto SSL chip based platforms
The following appliances ship with Intel Coleto chips:
- MPX 59xx
- MPX/SDX 89xx
- MPX/SDX MPX 26xxx
- MPX/SDX 26xxx-50S
- MPX/SDX 26xxx-100G
- MPX/SDX 15xxx-50G
Use the ‘show hardware’ command to identify whether your appliance has Coleto (COL) chips.
> sh hardware Platform: NSMPX-8900 8*CPU+4*F1X+6*E1K+1*E1K+1*COL 8955 30010 Manufactured on: 10/18/2016 CPU: 2100MHZ Host Id: 0 Serial no: CRAC5CR8UA Encoded serial no: CRAC5CR8UA Done
Note: Secure renegotiation is supported on the back end for these platforms.
- DH 512 cipher is not supported.
- SSLv3 protocol is not supported.
- Hardware security module (HSM) is not supported.
- GnuTLS is not supported.
- ECDSA certificates with ECC curves P_224 and P521 are not supported (Not supported on platforms with Cavium chips also.)
- DNSSEC offload is not supported. (DNSSEC is supported in software but offload to hardware is not supported.)
View the SSL chip utilization
From release 13.0 build 47.x, you can view the SSL chip utilization on appliances that ship with Intel Coleto chips.
At the command prompt, type:
> stat ssl SSL Summary # SSL cards present 4 # SSL cards UP 4 SSL engine status 1 SSL sessions (Rate) 0 SSL Crypto Utilization Asym (%) 67 SSL Crypto Utilization Symm (%) 19