1208 CHAPTER 95: SSL CONFIGURATION
■ SSL change cipher spec protocol: Notifies the peer (client or server) that subsequent packets are to be protected and transmitted using the newly negotiated cipher suite and key.
■ SSL alert protocol: Allows the client and the server to send alert messages to each other. An alert message contains the alert severity level and a description.
■ SSL record protocol: Fragments and compresses the data to be transmitted, calculates and adds a MAC to the data, and encrypts the data before transmitting it to the peer end.
SSL Configuration Task List
Different parameters are required on the SSL server and the SSL client.
Complete the following tasks to configure SSL:
■ “Configuring an SSL Server Policy” on page 1208 (Required)
■ “Configuring an SSL Client Policy” on page 1210 (Optional)

Configuring an SSL Server Policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy takes effect only after it is associated with an application layer protocol, for example HTTP.

Configuration Prerequisites
Before configuring an SSL server policy, you must configure a PKI (public key infrastructure) domain.

Configuration Procedure
Follow these steps to configure an SSL server policy:
1. Enter system view.
   Command: system-view

2. Create an SSL server policy and enter its view. (Required)
   Command: ssl server-policy policy-name

3. Specify a PKI domain for the SSL server policy. (Required)
   Command: pki-domain domain-name
   By default, no PKI domain is specified for an SSL server policy.

4. Specify the cipher suite(s) for the SSL server policy to support. (Optional)
   Command: ciphersuite [ rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] *
   By default, an SSL server policy supports all cipher suites.

5. Set the handshake timeout time for the SSL server. (Optional)
   Command: handshake timeout time
   3,600 seconds by default.

6. Configure the SSL connection close mode. (Optional)
   Command: close-mode wait
   Not wait by default.
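The procedure above carried through on the CLI, as an added example that is not taken from the manual: it creates a server policy, binds it to a PKI domain, and restricts the supported suites to rsa_aes_128_cbc_sha instead of keeping the default of all four suites (which also admits the DES and RC4 suites). The policy name myssl, the PKI domain name mydomain, the timeout value 1800, and the bracketed view prompts are assumptions.

```text
# Enter system view (prompt format assumed)
<Sysname> system-view
# Create the SSL server policy and enter its view (policy name assumed)
[Sysname] ssl server-policy myssl
# Bind the policy to an already configured PKI domain (domain name assumed)
[Sysname-ssl-server-policy-myssl] pki-domain mydomain
# Allow only the AES suite; the default would also accept rsa_des_cbc_sha,
# rsa_rc4_128_md5 and rsa_rc4_128_sha
[Sysname-ssl-server-policy-myssl] ciphersuite rsa_aes_128_cbc_sha
# Shorten the handshake timeout from the 3,600-second default (value assumed)
[Sysname-ssl-server-policy-myssl] handshake timeout 1800
# Wait for the peer's close notification before closing the connection
[Sysname-ssl-server-policy-myssl] close-mode wait
```

The policy only takes effect once an application layer protocol such as HTTP is associated with it, as the section above notes.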