2214
C
144: SSL C
HAPTER
Description
Example
session
Syntax
View
Parameter
Description
Example
C
ONFIGURATION
OMMANDS
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data
encryption algorithm of 128-bit RC4, and the MAC algorithm of SHA.
Use the
prefer-cipher
client policy.
Use the
undo prefer-cipher
By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.
# Set the preferred cipher suite for SSL client policy policy1 to
rsa_aes_128_cbc_sha.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha
session { cachesize size | timeout time } *
undo session { cachesize | timeout } *
SSL server policy view
cachesize size: Sets the maximum number of cached sessions, in the range 100 to
1,000.
timeout time: Sets the caching timeout time, in the range 1,800 to 72,000
seconds.
Use the
session
the caching timeout time.
Use the
undo session
By default, the maximum number of cached sessions is 500 and the caching
timeout time is 3,600 seconds.
If the number of sessions in the cache reaches the maximum, SSL rejects to cache
new sessions. If a session exists in the cache for a period equal to the caching
timeout time, SSL removes it from the cache.
# Set the caching timeout time to 4,000 seconds, and the maximum number of
cached sessions to 600.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] session timeout 4000 cachesize 600
command to specify the preferred cipher suite for an SSL
command to restore the default.
command to set the maximum number of cached sessions and
command to restore the default.