Support for Intel Coleto SSL chip based platforms
The following appliances ship with Intel Coleto chips:
- MPX 5900
- MPX/SDX 8900
- MPX/SDX 15000
- MPX/SDX 15000-50G
- MPX/SDX 26000
- MPX/SDX 26000-50S
- MPX/SDX 26000-100G
Use the ‘show hardware’ command to identify whether your appliance has Coleto (COL) chips.
> sh hardware Platform: NSMPX-8900 8*CPU+4*F1X+6*E1K+1*E1K+1*COL 8955 30010 Manufactured on: 10/18/2016 CPU: 2100MHZ Host Id: 0 Serial no: CRAC5CR8UA Encoded serial no: CRAC5CR8UA Done
Note: Secure renegotiation is supported on the back end for these platforms.
- DH 512 cipher is not supported.
- SSLv3 protocol is not supported.
- Hardware security module (HSM) is not supported.
- GnuTLS is not supported.
- ECDSA certificates with ECC curves P_224 and P521 are not supported (Not supported on platforms with Cavium chips also.)
- DNSSEC offload is not supported. (DNSSEC is supported in software but offload to hardware is not supported.)
View the SSL chip utilization on Citrix ADC MPX platforms
From release 13.0 build 47.x, you can view the SSL chip utilization on MPX platforms that ship with Intel Coleto chips. The command is not supported on the SDX platform.
At the command prompt, type:
> stat ssl SSL Summary # SSL cards present 4 # SSL cards UP 4 SSL engine status 1 SSL sessions (Rate) 0 SSL Crypto Utilization Asym (%) 67 SSL Crypto Utilization Symm (%) 19