Session - H3C MSR Series Command Reference Manual

Views
SSL client policy view
Predefined user roles
network-admin
Usage guidelines
SSL uses digital certificates to authenticate communicating parties. For more information about
digital certificates, see Security Configuration Guide.
If you execute the server-verify enable command, an SSL server must send its digital certificate to
the SSL client for authentication. The client can access the SSL server only after the server passes
the authentication.
Examples
# Enable the SSL client to use digital certificates to authenticate SSL servers.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] server-verify enable
Related commands
display ssl client-policy

session

Use session to set the maximum number of sessions that the SSL server can cache and the timeout
time for cached sessions.
Use undo session to restore the default.
Syntax
session { cachesize size | timeout time } *
undo session { cachesize | timeout } *
Default
The SSL server can cache a maximum of 500 sessions, and the timeout time for cached sessions is
3600 seconds.
Views
SSL server policy view
Predefined user roles
network-admin
Parameters
cachesize size: Sets the maximum number of cached sessions, in the range of 100 to 20480.
timeout time: Sets the session cache timeout in the range of 1 to 4294967295 seconds.
Usage guidelines
The SSL server caches SSL sessions to reuse negotiated session parameters to simplify SSL
handshake. Use this command to limit the maximum number and timeout time for cached sessions.
When the number of cached sessions reaches the maximum, SSL does not cache new sessions.
When the timeout timer for a cached session expires, SSL deletes the session.
730