Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
To configure an SSL client policy:
Step
1.
Enter system view.
2.
Create an SSL client policy
and enter its view.
3.
Specify a PKI domain for the
SSL client policy.
4.
Specify the preferred cipher
suite for the SSL client policy.
5.
Specify the SSL protocol
version for the SSL client
policy.
6.
Enable the SSL client to
perform certificate-based
authentication for the SSL
server.
Displaying and maintaining SSL
Command
system-view
ssl client-policy policy-name
pki-domain domain-name
•
In non-FIPS mode:
prefer-cipher
{ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
•
In FIPS mode:
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
•
In non-FIPS mode:
version { ssl3.0 | tls1.0 }
•
In FIPS mode:
version tls1.0
server-verify enable
347
Remarks
N/A
N/A
Optional.
No PKI domain is configured by
default.
After you specify a PKI domain, the
SSL client requests a certificate
through the PKI domain.
If the SSL server requires
certificate-based authentication for
SSL clients, you must use this
command to specify a PKI domain
for the client.
For more information about PKI
domain configuration, see
"Configuring
PKI."
Optional.
rsa_rc4_128_md5 by default.
Optional.
TLS 1.0 by default.
Optional.
Enabled by default.