Step / Command / Remarks
7. Set the handshake timeout time for the SSL server.
   Command: handshake timeout time
   Remarks: Optional. The default handshake timeout time is 3600 seconds.
8. Set the SSL connection close mode.
   Command: close-mode wait
   Remarks: Optional. By default, an SSL server sends a close-notify alert message to the client and closes the connection without waiting for the close-notify alert message from the client.
9. Set the maximum number of cached sessions and the caching timeout time.
   Command: session { cachesize size | timeout time } *
   Remarks: Optional. The defaults are as follows:
   • 500 for the maximum number of cached sessions.
   • 3600 seconds for the caching timeout time.
10. Configure the server to require certificate-based SSL client authentication.
   Command: client-verify enable
   Remarks: Optional. By default, the SSL server does not require the client to be authenticated.
11. Enable SSL client weak authentication.
   Command: client-verify weaken
   Remarks: Optional. Disabled by default. This command takes effect only when the client-verify enable command is configured.
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL client policy takes effect only after it is associated with an application layer protocol.
You can specify the SSL protocol version (SSL 3.0 or TLS 1.0) for an SSL client policy:
• If TLS 1.0 is specified and SSL 3.0 is not disabled, the client first uses TLS 1.0 to connect to the SSL server. If the connection attempt fails, the client uses SSL 3.0.
• If TLS 1.0 is specified and SSL 3.0 is disabled, the client only uses TLS 1.0 to connect to the SSL server.
• If SSL 3.0 is specified, the client uses SSL 3.0 to connect to the SSL server, whether you disable SSL 3.0 or not.
As a best practice to enhance system security, disable SSL 3.0 on the device and specify TLS 1.0 for an SSL client policy.
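The three version-selection rules above, modelled as an added Python illustration (not the device's code): `attempt_order` gives the versions the client tries in order, and `negotiate` runs that order against a hypothetical server that announces which versions it accepts, so you can see why leaving SSL 3.0 enabled lets a TLS 1.0 policy silently fall back.

```python
"""Model of the SSL client policy version-selection rule described above.

Added illustration, not device code. The server side is a hypothetical list
of protocol versions it accepts; None means every connection attempt failed.
"""
from typing import List, Optional, Sequence

SSL3 = "ssl3.0"
TLS1 = "tls1.0"


def attempt_order(policy_version: str, ssl3_disabled: bool) -> List[str]:
    """Versions the client tries, in order, per the three rules in the text."""
    if policy_version == TLS1:
        # TLS 1.0 first; fall back to SSL 3.0 only if it is not disabled
        # device-wide (ssl version ssl3.0 disable).
        return [TLS1] if ssl3_disabled else [TLS1, SSL3]
    if policy_version == SSL3:
        # An SSL 3.0 policy uses SSL 3.0 regardless of the device-wide switch.
        return [SSL3]
    raise ValueError(f"unknown SSL version in policy: {policy_version!r}")


def negotiate(policy_version: str, ssl3_disabled: bool,
              server_versions: Sequence[str]) -> Optional[str]:
    """First version in the client's attempt order that the (hypothetical)
    server accepts; None when every attempt fails."""
    for version in attempt_order(policy_version, ssl3_disabled):
        if version in server_versions:
            return version
    return None


def is_hardened(policy_version: str, ssl3_disabled: bool) -> bool:
    """True only for the best-practice combination: SSL 3.0 disabled on the
    device and TLS 1.0 specified in the client policy, which is the only
    configuration that can never end up on SSL 3.0."""
    return SSL3 not in attempt_order(policy_version, ssl3_disabled)


if __name__ == "__main__":
    # Constructed sample: a server that only speaks SSL 3.0.
    legacy_server = [SSL3]
    print(negotiate(TLS1, False, legacy_server))  # ssl3.0: silent fallback
    print(negotiate(TLS1, True, legacy_server))   # None: attempt refused
    print(is_hardened(TLS1, True))                # True
```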
To configure an SSL client policy:
Step / Command / Remarks
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Disable SSL 3.0 on the device.
   Command: ssl version ssl3.0 disable
   Remarks: Optional. By default, SSL 3.0 is enabled on the device.
3. Create an SSL client policy and enter its view.
   Command: ssl client-policy policy-name
   Remarks: N/A