HPE FlexNetwork 10500 Series Security Configuration Manual page 482

Step
2. (Optional.) Disable the SSL
server from using specific SSL
protocol versions for session
negotiation.
3. (Optional.) Disable SSL
session renegotiation for the
SSL server.
4. Create an SSL server policy
and enter its view.
5. (Optional.) Specify a PKI
domain for the SSL server
policy.
Command
•
In non-FIPS mode:
ssl version { ssl3.0 | tls1.0 |
tls1.1 } * disable
•
In FIPS mode:
ssl version { tls1.0 | tls1.1 } *
disable
ssl renegotiation disable
ssl server-policy policy-name
pki-domain domain-name
465
Remarks
By default:
•
In non-FIPS mode, the
SSL server supports
SSL 3.0, TLS 1.0, TLS
1.1, and TLS 1.2.
•
In FIPS mode, the SSL
server supports TLS
1.0, TLS 1.1, and TLS
1.2.
By default, SSL session
renegotiation is enabled.
By default, no SSL server
policies exist.
By default, no PKI domain is
specified for an SSL server
policy.
If SSL server authentication
is required, you must specify
a PKI domain and request a
local certificate for the SSL
server in the domain.
For information about
configuring a PKI domain,
see "Configuring PKI."