To configure an SSL server policy:
1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create an SSL server policy and enter its view.
   Command: ssl server-policy policy-name
   Remarks: By default, no SSL server policy exists on the device.

3. (Optional.) Specify a PKI domain for the SSL server policy.
   Command: pki-domain domain-name
   Remarks: By default, no PKI domain is specified for an SSL server policy. If SSL server authentication is required, you must specify a PKI domain and request a local certificate for the SSL server in the domain. For information about how to create and configure a PKI domain, see "Configuring PKI."

4. Specify the cipher suites that the SSL server policy supports.
   Command:
   • In non-FIPS mode:
     ciphersuite { dhe_rsa_aes_128_cbc_sha | exp_rsa_des_cbc_sha | exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha } *
   • In FIPS mode:
     ciphersuite { rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha } *
   Remarks: By default, an SSL server policy supports all cipher suites.

5. Set the maximum number of sessions that the SSL server can cache.
   Command: session cachesize size
   Remarks: By default, an SSL server can cache a maximum of 500 sessions.

6. Enable the SSL server to authenticate SSL clients through digital certificates.
   Command: client-verify enable
   Remarks: By default, SSL client authentication is disabled.

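Because a policy without a ciphersuite command supports every suite in the list, including the export-grade, DES, RC2, RC4, and MD5 suites, it is worth auditing saved configurations for this. The following Python script is an added example, not part of the original guide. It assumes that each policy appears in the saved configuration as an "ssl server-policy" line followed by indented settings; the policy names, the PKI domain name, and the weak-suite classification are assumptions of the example.

```python
import re

# Substrings marking suites from the non-FIPS list that rely on export-grade
# keys, DES/3DES, RC2, RC4 or MD5 (this classification is an assumption).
WEAK_MARKERS = ("exp_", "des", "rc2", "rc4", "md5")

# Constructed sample in the assumed saved-configuration layout.
SAMPLE_CONFIG = """\
#
ssl server-policy legacy
 pki-domain dom1
 ciphersuite rsa_rc4_128_md5 rsa_aes_128_cbc_sha exp_rsa_des_cbc_sha
#
ssl server-policy default-suites
 pki-domain dom1
#
ssl server-policy hardened
 pki-domain dom1
 ciphersuite rsa_aes_128_cbc_sha rsa_aes_256_cbc_sha
 client-verify enable
#
"""


def audit_ssl_server_policies(config_text):
    """Return {policy_name: [findings]} for every SSL server policy."""
    findings, has_suite_line, current = {}, {}, None
    for line in config_text.splitlines():
        header = re.match(r"^ssl server-policy (\S+)\s*$", line)
        if header:
            current = header.group(1)
            findings[current] = []
            has_suite_line[current] = False
        elif current and line.startswith(" "):
            words = line.split()
            if words and words[0] == "ciphersuite":
                has_suite_line[current] = True
                for suite in words[1:]:
                    if any(marker in suite for marker in WEAK_MARKERS):
                        findings[current].append("weak suite: " + suite)
        else:
            current = None  # left the policy's indented block
    for name, present in has_suite_line.items():
        if not present:
            # No ciphersuite line means the default applies: all suites.
            findings[name].append("no ciphersuite line: all suites enabled")
    return findings
```
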
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters that the client uses to establish a connection to the server.
An SSL client policy takes effect only after it is associated with an application such as DDNS.
To configure an SSL client policy:
1. Enter system view.
   Command: system-view
   Remarks: N/A