EasyManuals Logo
Home>HPE>Network Router>FlexNetwork MSR Series

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #399 background imageLoading...
Page #399 background image
386
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server
policy takes effect only after it is associated with an application such as HTTPS.
SSL protocol versions include SSL 2.0, SSL 3.0, and TLS 1.0 (or SSL 3.1). By default, the SSL server
can communicate with clients running SSL 3.0 or TLS 1.0. When the server receives an SSL 2.0
Client Hello message from a client that supports both SSL 2.0 and SSL 3.0/TLS 1.0, it notifies the
client to use SSL 3.0 or TLS 1.0 for communication.
You can disable SSL 3.0 on the device to enhance system security.
In FIPS mode, only TLS 1.0 is supported.
To configure an SSL server policy:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Disable SSL 3.0 on the
device.
ssl version ssl3.0 disable
Optional.
By default, SSL 3.0 is enabled on
the device.
3. Set the encryption mode of
the ESM encryption card to
SSL.
card-mode slot
slot-number
ssl
Required when an ESM
encryption card is used.
This configuration takes effect
after the device reboots.
4. Create an SSL server policy
and enter its view.
ssl server-policy
policy-name N/A
5. Specify a PKI domain for the
SSL server policy.
pki-domain
domain-name
Optional.
By default, no PKI domain is
specified for an SSL server policy,
and the SSL server generates
and signs a certificate for itself
and does not obtain a certificate
from a CA server.
If SSL clients authenticate the
server through a digital certificate,
you must use this command to
specify a PKI domain and request
a local certificate for the SSL
server in the PKI domain.
For information about how to
configure a PKI domain, see
"Configuring PKI."
6. Specify the cipher suites for
the SSL server policy to
support.
• In non-FIPS mode:
ciphersuite
[ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
• In FIPS mode:
ciphersuite
[ dhe_rsa_aes_128_cbc_s
ha |
dhe_rsa_aes_256_cbc_sh
a | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha ] *
Optional.
By default, an SSL server policy
supports all cipher suites.

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals