Configuring An Ssl Server Policy; Configuration Prerequisites; Configuration Procedure - 3Com 4500G Family Configuration Manual

Configuring an SSL Server Policy

An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server
policy takes effect only after it is associated with an application layer protocol, HTTP protocol, for
example.

Configuration Prerequisites

When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the
server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI
domain. For details about PKI domain configuration, refer to PKI Configuration in the Security Volume.

Configuration Procedure

Follow these steps to configure an SSL server policy:
To do...
Enter system view
Create an SSL server policy and
enter its view
Specify a PKI domain for the SSL
server policy
Specify the cipher suite(s) for the
SSL server policy to support
Set the handshake timeout time for
the SSL server
Configure the SSL connection
close mode
Set the maximum number of
cached sessions and the caching
timeout time
Enable certificate-based SSL client
authentication
Use the command...
system-view
ssl server-policy policy-name
pki-domain domain-name
ciphersuite
[ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
handshake timeout time
close-mode wait
session { cachesize size |
timeout time } *
client-verify enable
1-3
Remarks
—
Required
Required
By default, no PKI domain is
specified for an SSL server policy.
Optional
By default, an SSL server policy
supports all cipher suites.
Optional
3,600 seconds by default
Optional
Not wait by default
Optional
The defaults are as follows:
500 for the maximum number of
cached sessions,
3600 seconds for the caching
timeout time.
Optional
Not enabled by default