282
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non
-FIPS mode.
SSL configuration task list
Complete the following tasks to configure SSL:
Task Remarks
Configuring an SSL server policy Required
Configuring an SSL client policy Optional
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy
takes effect only after it is associated with an application layer protocol such as HTTP protocol.
Configuration prerequisites
Configure the PKI domain for the SSL server policy to use to obtain the server side certificate. For more
information about PKI domain configuration, see the chapter "PKI configuration."
Configuration procedure
Follow these steps to configure an SSL server policy:
To do... Use the command...
Remarks
Enter system view system-view —
Create an SSL server policy and
enter its view
ssl server-policy policy-name Required
Specify a PKI domain for the SSL
server policy
pki-domain domain-name
Required
By default, no PKI domain is
specified for an SSL server policy.
Specify the cipher suites that the
SSL server policy supports
• In non-FIPS mode:
ciphersuite
[ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
• In FIPS mode
ciphersuite
[ dhe_rsa_aes_128_cbc_sha |
rsa_aes_128_cbc_sha ] *
Optional
By default, an SSL server policy
supports all cipher suites.
Set the handshake timeout time for
the SSL server
handshake timeout time
Optional
3,600 seconds by default
To Next Page
Loading...
