View
SSL client policy view
Default level
2: System level
Parameters
None
Description
Use the server-verify enable command to enable certificate-based SSL server authentication so that the
SSL client authenticates the server by the server's certificate during the SSL handshake process.
Use the undo server-verify enable command to disable certificate-based SSL server authentication.
When certificate-based SSL server authentication is disabled, the SSL client does not check the server's certificate and assumes that the SSL server is valid.
By default, certificate-based SSL server authentication is enabled.
Related commands: display ssl client-policy.
Examples
# Enable certificate-based SSL server authentication.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] server-verify enable
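The following Python check is an added example, not part of the original manual: it scans a saved configuration and reports SSL client policies in which certificate-based server authentication has been disabled. The configuration layout (section headers at column 0, indented sub-commands, "#" separators) and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration. The layout is an assumption:
# section header at column 0, sub-commands indented, "#" between sections.
SAMPLE_CONFIG = """\
#
ssl client-policy policy1
 server-verify enable
#
ssl client-policy policy2
 undo server-verify enable
#
ssl client-policy policy3
#
ssl server-policy srv1
 session cachesize 600 timeout 1800
#
"""

def audit_server_verify(config_text):
    """Map each SSL client policy name to True if server verification is on."""
    state = {}
    current = None  # name of the client policy section being read, if any
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "#":
            current = None          # separator ends the current section
            continue
        if not line[0].isspace():   # a new section header
            m = re.fullmatch(r"ssl client-policy (\S+)", line)
            current = m.group(1) if m else None
            if current is not None:
                # The manual states verification is enabled by default.
                state.setdefault(current, True)
            continue
        if current is None:
            continue                # sub-command of some other section
        cmd = " ".join(line.split())
        if cmd == "server-verify enable":
            state[current] = True
        elif cmd == "undo server-verify enable":
            state[current] = False
    return state

def unverified_policies(config_text):
    """Names of client policies that accept any server without checking it."""
    return sorted(n for n, on in audit_server_verify(config_text).items() if not on)

if __name__ == "__main__":
    print(unverified_policies(SAMPLE_CONFIG))
```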
session
Syntax
session { cachesize size | timeout time } *
undo session { cachesize | timeout } *
View
SSL server policy view
Default level
2: System level
Parameters
cachesize size: Specifies the maximum number of cached sessions, in the range 100 to 1000.
timeout time: Specifies the caching timeout time in seconds, in the range 1800 to 72000.
Description
Use the session command to set the maximum number of cached sessions and the caching timeout time.
Use the undo session command to restore the default.
By default, the maximum number of cached sessions is 500 and the caching timeout time is 3600
seconds.
Negotiating session parameters and establishing a session with the SSL handshake protocol is a complicated
process. To simplify it, SSL allows previously negotiated session parameters to be reused to establish
sessions. This feature requires the SSL server to maintain information about existing sessions.
The number of cached sessions and the session information caching time are limited: