EasyManuals Logo

HPE FlexNetwork 5510 HI Series Security Configuration Guide

HPE FlexNetwork 5510 HI Series
551 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #410 background imageLoading...
Page #410 background image
397
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters that the client uses to establish a connection to the
server. An SSL client policy takes effect only after it is associated with an application such as DDNS.
In Release 1111, you can specify the SSL 3.0 or TLS 1.0 for an SSL client policy:
• If TLS 1.0 is specified and SSL 3.0 is not disabled, the client first uses TLS 1.0 to connect to the
SSL server. If the connection attempt fails, the client uses SSL 3.0.
• If TLS 1.0 is specified and SSL 3.0 is disabled, the client only uses TLS 1.0 to connect to the
SSL server.
• If SSL 3.0 is specified, the client uses SSL 3.0 to connect to the SSL server, whether you disable
SSL 3.0 or not.
As a best practice to enhance system security, disable SSL 3.0 on the device and specify TLS 1.0 for
an SSL client policy.
In Release 1121 and later, the SSL client always uses the SSL protocol version specified for it,
whether you disable the SSL protocol version or not.
To configure an SSL client policy:
Step
Command
Remarks
1. Enter system view.
system-view
N/A
2. (Optional.)
Disable SSL
session renegotiation.
ssl renegotiation disable
By default, SSL session
renegotiation is enabled.
This command
is available in
Release 1121 and later.
3. Create an SSL client policy and
enter its view.
ssl client-policy
policy-name
By default, no SSL client policies
exist on the device.
4. (Optional.) Specify a PKI
domain for the
SSL client
policy.
pki-domain
domain-name
By default, no PKI domain is
specified for an SSL client policy.
If SSL
client authentication is
required, you must specify a PKI
domain and request a local
certificate for the SSL client in
the PKI domain.
For information about
how to
create and configure a PKI
domain, see "
Configuring PKI."
5.
Specify the preferred cipher
suite for the SSL client policy.
In Release 1111:
• In non-FIPS mode:
prefer-cipher
{ dhe_rsa_aes_128_cbc_s
ha |
dhe_rsa_aes_256_cbc_sh
a | exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 |
exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
• In FIPS mode:
• In non-FIPS mode:
The default preferred cipher
suite is rsa_rc4_128_md5.
• In FIPS mode:
The default preferred cipher
suite is
rsa_aes_128_cbc_sha.

Table of Contents

Other manuals for HPE FlexNetwork 5510 HI Series

Preview: Configuration Guide
Configuration Guide572 pages
Preview: Fundamentals Configuration Guide
Fundamentals Configuration Guide209 pages
Preview: Layer 3 - Ip Routing Configuration Guide
Layer 3 - Ip Routing Configuration Guide486 pages
Preview: Network Management And Monitoring Configuration Guide
Network Management And Monitoring Configuration Guide331 pages
Preview: Macsec Configuration Guide
Macsec Configuration Guide27 pages
Preview: Acl And Qos Configuration Guide
Acl And Qos Configuration Guide114 pages
Preview: Mpls Configuration Guide
Mpls Configuration Guide505 pages
Preview: Openflow Configuration Guide
Openflow Configuration Guide39 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork 5510 HI Series and is the answer not in the manual?

HPE FlexNetwork 5510 HI Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork 5510 HI Series
CategorySwitch
LanguageEnglish

Related product manuals