HP 6600 Security Configuration Manual page 365


SSL versions include SSL 2.0, SSL 3.0, and TLS 1.0 (or SSL 3.1). When the device acts as the SSL server,
it can communicate with clients running SSL 3.0 or TLS 1.0. It can also identify the SSL 2.0 Client Hello
message from a client that supports both SSL 2.0 and SSL 3.0/TLS 1.0, and notify the client to use SSL 3.0
or TLS 1.0 for communication. In FIPS mode, only TLS 1.0 is supported.
To configure an SSL server policy:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create an SSL server policy and enter its view.
   Command: ssl server-policy policy-name
   Remarks: N/A

3. Specify a PKI domain for the SSL server policy.
   Command: pki-domain domain-name
   Remarks: Optional. By default, no PKI domain is specified for an SSL server policy, and the SSL server generates and signs a certificate for itself and does not obtain a certificate from a CA server. If SSL clients authenticate the server through a digital certificate, you must use this command to specify a PKI domain and request a local certificate for the SSL server in the PKI domain. For information about how to configure a PKI domain, see "Configuring PKI."

4. Specify the cipher suite(s) for the SSL server policy to support.
   Command, in non-FIPS mode: ciphersuite [ rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] *
   Command, in FIPS mode: ciphersuite [ dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha ] *
   Remarks: Optional. By default, an SSL server policy supports all cipher suites.

5. Set the handshake timeout time for the SSL server.
   Command: handshake timeout time
   Remarks: Optional. 3600 seconds by default.

6. Set the SSL connection close mode.
   Command: close-mode wait
   Remarks: Optional. Not wait by default.
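
The two defaults in the Remarks above (all cipher suites supported, self-signed certificate when no PKI domain is set) can be checked across saved configurations. The following audit script is an added example, not part of the HP manual; the policy names, `domain1`, and the assumption that a saved configuration lists each policy's commands indented under its `ssl server-policy` line are constructed for illustration.

```python
import re

# Non-FIPS suites listed on this page; a policy without a "ciphersuite" line supports all.
ALL_SUITES = {
    "rsa_3des_ede_cbc_sha", "rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha",
    "rsa_des_cbc_sha", "rsa_rc4_128_md5", "rsa_rc4_128_sha",
}
# Suites built on single DES, 3DES (64-bit block) or RC4.
WEAK_SUITES = {s for s in ALL_SUITES if "des" in s or "rc4" in s}
# Constructed sample; the indented layout is an assumption about the saved config.
SAMPLE_CONFIG = """\
ssl server-policy legacy
 handshake timeout 3600
ssl server-policy mixed
 pki-domain domain1
 ciphersuite rsa_aes_128_cbc_sha rsa_rc4_128_md5
ssl server-policy hardened
 pki-domain domain1
 ciphersuite rsa_aes_128_cbc_sha rsa_aes_256_cbc_sha
"""

def audit_ssl_policies(config_text):
    """Return {policy_name: [findings]} for each ssl server-policy block."""
    policies, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"^ssl server-policy (\S+)\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), {"suites": set(), "pki": False})
        elif current is not None and line[:1] == " " and line.strip():
            words = line.split()
            if words[0] == "ciphersuite":
                current["suites"].update(words[1:])
            elif words[0] == "pki-domain":
                current["pki"] = True
        else:
            current = None  # an unindented or blank line ends the policy view
    report = {}
    for name, p in policies.items():
        effective = p["suites"] or ALL_SUITES  # no ciphersuite line: default is all
        weak = sorted(effective & WEAK_SUITES)
        origin = "explicit" if p["suites"] else "default"
        findings = [f"weak suites ({origin}): {', '.join(weak)}"] if weak else []
        if not p["pki"]:
            findings.append("no pki-domain: server signs its own certificate")
        report[name] = findings
    return report

if __name__ == "__main__":
    for policy, findings in audit_ssl_policies(SAMPLE_CONFIG).items():
        print(policy, findings or "OK")
```

A policy with an empty findings list names only AES suites and has a PKI domain; a policy flagged with `(default)` needs an explicit `ciphersuite` line to stop offering the DES and RC4 suites.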


This manual is also suitable for:

Hsr6600
