Displaying And Maintaining Ssl; Ssl Server Policy Configuration Example - HPE FlexNetwork MSR Series Comware 5 Security Configuration Manual

Step
4. Specify a PKI domain for the
SSL client policy.
5. Specify the preferred cipher
suite for the SSL client
policy.
6. Specify the SSL protocol
version for the SSL client
policy.
7. Enable certificate-based
SSL server authentication.

Displaying and maintaining SSL

Task
Display SSL server policy
information.
Display SSL client policy
information.

SSL server policy configuration example

Network requirements
As shown in
To prevent illegal users' access and to make sure data is not eavesdropped or tampered with,
configure SSL on the device so that users must use HTTPS to log in to the Web interface of the
device.
In this example, the CA server runs Windows Server and has the SCEP plug-in installed.
Command
pki-domain domain-name
•
•
version { ssl3.0 | tls1.0 }
server-verify enable
Command
display ssl server-policy { policy-name | all } [ | { begin |
exclude | include } regular-expression ]
display ssl client-policy { policy-name | all } [ | { begin |
exclude | include } regular-expression ]
Figure 133, users need to access and control the device through Web page.
In non-FIPS mode:
prefer-cipher
{ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
In FIPS mode:
prefer-cipher
{ dhe_rsa_aes_128_cbc_s
ha |
dhe_rsa_aes_256_cbc_sh
a | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
388
Remarks
Optional.
No PKI domain is specified by
default.
If the SSL server authenticates
the SSL client through a digital
certificate, you must use this
command to specify a PKI domain
and request a local certificate for
the SSL client in the PKI domain.
For information about how to
configure a PKI domain, see
"Configuring PKI."
Optional.
rsa_rc4_128_md5 by default.
Optional.
TLS 1.0 by default.
Optional.
Enabled by default.
Remarks
Available in any
view.
Available in any
view.