To Next Page

To Previous Page

724

Usage guidelines

SSL employs the following algorithms:

• Data encryption algorithms—Encrypt data to ensure privacy. Commonly used data

encryption algorithms are usually symmetric key algorithms, such as DES_CBC,

3DES_EDE_CBC, AES_CBC, and RC4. When using a symmetric key algorithm, the SSL

server and the SSL client must use the same key.

• Message Authentication Code (MAC) algorithms—Calculate the MAC value for data to

ensure integrity. Commonly used MAC algorithms include MD5 and SHA. When using a MAC

algorithm, the SSL server and the SSL client must use the same key.

• Key exchange algorithms—Implement secure exchange of the keys used by the symmetric

key algorithm and the MAC algorithm. Commonly used key exchange algorithms are usually

asymmetric key algorithms, such as RSA.

After the SSL server receives a cipher suite from a client, the server compares the received cipher

suite with the cipher suits it supports. If a match is found, the cipher suite negotiation succeeds. If no

match is found, the negotiation fails.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure SSL server policy policy1 to support the following cipher suites:

• Key exchange algorithm DHE RSA, data encryption algorithm 128-bit AES, and MAC algorithm

SHA.

• Key exchange algorithm RSA, data encryption algorithm 128-bit AES, and MAC algorithm SHA.

<Sysname> system-view

[Sysname] ssl server-policy policy1

[Sysname-ssl-server-policy-policy1] ciphersuite dhe_rsa_aes_128_cbc_sha

rsa_aes_128_cbc_sha

Related commands

display ssl server-policy

prefer-cipher

client-verify

Use client-verify to enable mandatory or optional SSL client authentication.

Use undo client-verify to restore the default.

Syntax

client-verify { enable | optional }

undo client-verify [ enable ]

Default

SSL client authentication is disabled. The SSL server does not authenticate SSL clients based on

digital certificates.

Views

SSL server policy view

Predefined user roles

network-admin

Parameters

enable: Enables mandatory SSL client authentication.

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS