Displaying And Maintaining Ssl; Troubleshooting Ssl; Ssl Handshake Failure - 3Com 4500 PWR 26-Port Configuration Manual
Hide thumbs
Also See for 4500 PWR 26-Port:
- Manual (942 pages) ,
- Configuration manual (870 pages) ,
- Getting started manual (128 pages)
Table of Contents
Advertisement
To do...
Specify the preferred cipher
suite for the SSL client policy
Specify the SSL protocol
version for the SSL client policy
If you enable client authentication on the server, you must request a local certificate for the client.
Displaying and Maintaining SSL
To do...
Display SSL server policy
information
Display SSL client policy
information
Troubleshooting SSL
SSL Handshake Failure
Symptom
As the SSL server, the device fails to handshake with the SSL client.
Analysis
SSL handshake failure may result from the following causes:
No SSL server certificate exists, or the certificate is not trusted.
The server is expected to authenticate the client, but the SSL client has no certificate or the
certificate is not trusted.
The cipher suites used by the server and the client do not match.
Solution
1)
You can issue the debugging ssl command and view the debugging information to locate the
problem:
If the SSL server has no certificate, request one for it.
If the server certificate cannot be trusted, install on the SSL client the root certificate of the CA that
issues the local certificate to the SSL server, or let the server requests a certificate from the CA that
the SSL client trusts.
Use the command...
prefer-cipher
{ rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
version { ssl3.0 | tls1.0 }
Use the command...
display ssl server-policy
{ policy-name | all }
display ssl client-policy
{ policy-name | all }
74-7
Remarks
Optional
rsa_rc4_128_md5 by default
Optional
TLS 1.0 by default
Remarks
Available in any view
- Quick Links:
- User Control
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
