Displaying And Maintaining Ssl; Troubleshooting Ssl; Ssl Handshake Failure - H3C S5120-SI Series Configuration Manual
Hide thumbs
Also See for S5120-SI Series:
- Command reference manual (910 pages) ,
- Operation manual (697 pages) ,
- Configuration manual (183 pages)
Table of Contents
Advertisement
To do...
Create an SSL client policy and
enter its view
Specify a PKI domain for the
SSL client policy
Specify the preferred cipher
suite for the SSL client policy
Specify the SSL protocol
version for the SSL client policy
If you enable client authentication on the server, you must request a local certificate for the client.
Displaying and Maintaining SSL
To do...
Display SSL server policy
information
Display SSL client policy
information
Troubleshooting SSL
SSL Handshake Failure
Symptom
As the SSL server, the device fails to handshake with the SSL client.
Analysis
SSL handshake failure may result from the following causes:
The SSL client is configured to authenticate the SSL server, but the SSL server has no certificate or
the certificate is not trusted.
The SSL server is configured to authenticate the SSL client, but the SSL client has no certificate or
the certificate is not trusted.
The server and the client have no matching cipher suite.
Use the command...
ssl client-policy policy-name
pki-domain domain-name
prefer-cipher
{ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
version { ssl3.0 | tls1.0 }
Use the command...
display ssl server-policy
{ policy-name | all }
display ssl client-policy
{ policy-name | all }
1-7
Remarks
Required
Optional
No PKI domain is configured by
default.
Optional
rsa_rc4_128_md5 by default
Optional
TLS 1.0 by default
Remarks
Available in any view
Advertisement
Chapters
Table of Contents
Troubleshooting
