3Com 4500 PWR 26-Port Configuration Manual page 888

Configuration Prerequisites
When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the
server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI
domain.
Configuration Procedure
Follow these steps to configure an SSL server policy:
To do...
Enter system view
Create an SSL server policy
and enter its view
Specify a PKI domain for the
SSL server policy
Specify the cipher suite(s) for
the SSL server policy to
support
Set the handshake timeout time
for the SSL server
Configure the SSL connection
close mode
Set the maximum number of
cached sessions and the
caching timeout time
Enable certificate-based SSL
client authentication
Use the command...
system-view
ssl server-policy policy-name
pki-domain domain-name
ciphersuite
[ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
handshake timeout time
close-mode wait
session { cachesize size |
timeout time } *
client-verify enable
74-3
Remarks
—
Required
Required
By default, no PKI domain is
specified for an SSL server
policy.
Optional
By default, an SSL server
policy supports all cipher
suites.
Optional
3,600 seconds by default
Optional
Not wait by default
Optional
The defaults are as follows:
500 for the maximum number
of cached sessions,
3600 seconds for the caching
timeout time.
Optional
Not enabled by default