Configuring an SSL Client Policy - HPE Moonshot 45Gc Security Configuration Manual

Switch module

Command:
   rsa_rc4_128_sha } *
   In FIPS mode:
   ciphersuite { ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_128_gcm_sha256 | ecdhe_ecdsa_aes_256_cbc_sha384 | ecdhe_ecdsa_aes_256_gcm_sha384 | ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_128_gcm_sha256 | ecdhe_rsa_aes_256_cbc_sha384 | ecdhe_rsa_aes_256_gcm_sha384 | rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 } *

7. Set the maximum number of sessions that the SSL server can cache.
   Command: session cachesize size
   Remarks: By default, an SSL server can cache a maximum of 500 sessions.

8. Enable the SSL server to authenticate SSL clients through digital certificates.
   Command: client-verify enable
   Remarks: By default, SSL client authentication is disabled.

Configuring an SSL client policy

An SSL client policy is a set of SSL parameters that the client uses to establish a connection to the server. An SSL client policy takes effect only after it is associated with an application such as DDNS.

To configure an SSL client policy:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. (Optional.) Disable SSL session renegotiation.
   Command: ssl renegotiation disable
   Remarks: By default, SSL session renegotiation is enabled.

3. Create an SSL client policy and enter its view.
   Command: ssl client-policy policy-name
   Remarks: By default, no SSL client policy exists on the device.

4. (Optional.) Specify a PKI domain for the SSL client policy.
   Command: pki-domain domain-name
   Remarks: By default, no PKI domain is specified for an SSL client policy. If SSL client authentication is required, you must specify a PKI domain and request a local certificate for the SSL client in the PKI domain. For information about how to create and configure a PKI domain, see "Configuring PKI."

5. Specify the preferred cipher
   Command: In non-FIPS mode:
   Remarks: In non-FIPS mode:
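
One way to check a saved configuration against the settings and defaults listed above, as an added example rather than HPE code. It assumes a configuration dump in which view headers start at column 0, commands inside a view are indented, and `#` separates views; the `ssl server-policy` header, the policy names and the PKI domain name are assumptions or constructed values.

```python
# Added example, not HPE code. Suites the page lists for FIPS mode.
FIPS_SUITES = {
    f"ecdhe_{kx}_aes_{rest}" for kx in ("ecdsa", "rsa")
    for rest in ("128_cbc_sha256", "128_gcm_sha256", "256_cbc_sha384", "256_gcm_sha384")
} | {"rsa_aes_128_cbc_sha", "rsa_aes_128_cbc_sha256",
     "rsa_aes_256_cbc_sha", "rsa_aes_256_cbc_sha256"}

def parse_views(config):
    """Map each column-0 line (global command or view header) to its indented commands."""
    views, current = {"": []}, ""
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            current = ""                      # assumed layout: '#' ends a view
        elif line[0].isspace():
            views[current].append(line.strip())
        else:
            current = line
            views.setdefault(current, [])
    return views

def audit(config):
    """Return findings for settings left at the defaults the page documents."""
    views, findings = parse_views(config), []
    if "ssl renegotiation disable" not in views:
        findings.append("global: SSL session renegotiation is enabled (default)")
    for header, cmds in views.items():
        kind = header.split()[:2]
        if kind == ["ssl", "client-policy"]:
            if not any(c.startswith("pki-domain ") for c in cmds):
                findings.append(f"{header}: no pki-domain, so no client certificate")
        elif kind == ["ssl", "server-policy"]:   # header name is an assumption
            if "client-verify enable" not in cmds:
                findings.append(f"{header}: client-verify is disabled (default)")
            for c in cmds:
                if c.startswith("ciphersuite "):
                    extra = [s for s in c.split()[1:] if s not in FIPS_SUITES]
                    if extra:
                        findings.append(f"{header}: outside FIPS list: {', '.join(extra)}")
    return findings

# Constructed sample configuration (policy and domain names are made up).
SAMPLE = """\
#
ssl client-policy ddns-client
#
ssl client-policy mgmt-client
 pki-domain lab-pki
#
ssl server-policy web
 ciphersuite rsa_rc4_128_sha rsa_aes_256_cbc_sha256
#
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A missing `pki-domain` only matters for a client policy whose server requires client authentication, so treat that finding as a prompt to check the peer's requirements.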
