Displaying And Maintaining Ssl; Troubleshooting Ssl; Ssl Handshake Failure - HP A5830 Series Configuration Manual

To do...
3. Specify a PKI domain for the
SSL client policy.
4. Specify the preferred cipher
suite for the SSL client policy.
5. Specify the SSL protocol
version for the SSL client
policy.
6. Enable certificate-based SSL
server authentication.
If you enable client authentication on the server, you must request a local certificate for the client.

Displaying and maintaining SSL

To do...
Display SSL server policy
information
Display SSL client policy
information

Troubleshooting SSL

SSL handshake failure

Symptom
As the SSL server, the switch fails to handshake with the SSL client.
Analysis
SSL handshake failure may result from the following causes:
The SSL client is configured to authenticate the SSL server, but the SSL server has no certificate, or
•
the certificate is not trusted.
The SSL server is configured to authenticate the SSL client, but the SSL client has no certificate, or
•
the certificate is not trusted.
The server and the client have no matching cipher suite.
•
Use the command...
pki-domain domain-name
prefer-cipher {
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
version { ssl3.0 | tls1.0 }
server-verify enable
Use the command...
display ssl server-policy { policy-
name | all } [ | { begin | exclude
| include } regular-expression ]
display ssl client-policy { policy-
name | all } [ | { begin | exclude
| include } regular-expression ]
205
Remarks
Optional.
No PKI domain is configured by
default.
Optional.
rsa_rc4_128_md5 by default.
Optional.
TLS 1.0 by default.
Optional.
Enabled by default.
Remarks
Available in any view