HP VSR1000 Security Configuration Manual page 294

NOTE:
SSL versions include SSL 2.0, SSL 3.0, and TLS 1.0 (or SSL 3.1). When the device acts as the SSL server,
it can communicate with clients running SSL 3.0 or TLS 1.0. When the server receives an SSL 2.0 Client
Hello message from a client that supports both SSL 2.0 and SSL 3.0/TLS 1.0, it notifies the client to use SSL
3.0 or TLS 1.0 for communication.
To configure an SSL server policy:
Step
1. Enter system view.
2. Create an SSL server policy and
enter its view.
3. (Optional.) Specify a PKI
domain for the SSL server policy.
4. Specify the cipher suites that the
SSL server policy supports.
5. Set the maximum number of
sessions that the SSL server can
cache.
Command
system-view
ssl server-policy policy-name
pki-domain domain-name
•
In non-FIPS mode:
ciphersuite
{ dhe_rsa_aes_128_cbc_sha |
exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 |
exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha } *
•
In FIPS mode:
ciphersuite
{ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha } *
session cachesize size
284
Remarks
N/A
By default, no SSL server policy
exists on the device.
By default, no PKI domain is
specified for an SSL server
policy.
If SSL server authentication is
required, you must specify a PKI
domain for the policy to enable
the SSL server to request a
certificate for identity
authentication.
For information about how to
create and configure a PKI
domain, see "Configuring
By default, an SSL server policy
supports all cipher suites.
By default, an SSL server can
cache a maximum of 500
sessions.
PKI."