Support for Intel Coleto SSL chip based platforms

The following appliances ship with Intel Coleto chips:

  • MPX 5901/5905/5910
  • MPX 8905/8910/8920/8930
  • MPX/SDX 26100-100G/26160-100G/26200-100G
  • MPX/SDX 15020-50G/15030-50G/15040-50G/15060-50G/15080-50G/15100-50G

Use the ‘show hardware’ command to identify whether your appliance has Coleto (COL) chips.

> sh hardware

    Platform: NSMPX-8900 8*CPU+4*F1X+6*E1K+1*E1K+1*COL 8955 30010
    Manufactured on: 10/18/2016
    CPU: 2100MHZ
    Host Id: 0
    Serial no: CRAC5CR8UA
    Encoded serial no: CRAC5CR8UA
 Done

Note: Secure renegotiation is supported on the back end for these platforms.

Limitations:

  • DH 512 cipher is not supported.
  • SSLv3 protocol is not supported.
  • GnuTLS is not supported.
  • ECDSA certificates with ECC curves P_224 and P521 are not supported (Not supported on platforms with Cavium chips also.)
  • DNSSEC offload is not supported. (DNSSEC is supported in software but offload to hardware is not supported.)

Support for Intel Coleto SSL chip based platforms