Ssl configuration task list, Configuring an ssl server policy – H3C Technologies H3C SecPath F1000-E User Manual
Page 958
933
SSL configuration task list
Task Remarks
Configuring an SSL server policy
Required
Configuring an SSL client policy
Optional
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy
takes effect only after it is associated with an application layer protocol such as HTTP.
Before configuring an SSL server policy, configure the PKI domain for the SSL server policy to use to
obtain a certificate for the SSL server. For more information about PKI domain configuration, see VPN
Configuration Guide.
To configure an SSL server policy:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an SSL server policy
and enter its view.
ssl server-policy policy-name N/A
3.
Specify a PKI domain for the
SSL server policy.
pki-domain domain-name
By default, no PKI domain is
specified for an SSL server policy.
If the client requires
certificate-based authentication for
the SSL server, you must use this
command to specify a PKI domain
for the server and request a local
certificate for the server through the
PKI domain.
4.
Specify the cipher suite(s) for
the SSL server policy to
support.
•
In non-FIPS mode:
ciphersuite
[ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
•
In FIPS mode:
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
Optional.
By default, an SSL server policy
supports all cipher suites.
Support for the commands
depends on the firewall model. For
more information, see the SSL
command reference.