Ssl server policy configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Page 959

Advertising
background image

934

Step Command

Remarks

5.

Set the handshake timeout
time for the SSL server.

handshake timeout time

Optional.
3600 seconds by default.

6.

Set the SSL connection close
mode.

close-mode wait

Optional.
Not wait by default.

7.

Set the maximum number of

cached sessions and the
caching timeout time.

session { cachesize size | timeout
time } *

Optional.
The defaults are as follows:

500 for the maximum number

of cached sessions,

3600 seconds for the caching

timeout time.

8.

Enable the SSL server to

perform digital
certificate-based

authentication for SSL clients.

client-verify enable

Optional.
By default, the SSL server does not

require clients to be authenticated.

9.

Enable SSL client weak
authentication.

client-verify weaken

Optional.
Disabled by default.
This command takes effect only
when the client-verify enable

command is configured.

NOTE:

SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0 corresponds to SSL 3.1.
When the switch acts as an SSL server, it can communicate with clients running SSL 3.0 or TLS 1.0, and

can identify the SSL 2.0 Client Hello message from a client supporting SSL 2.0 and SSL 3.0/TLS 1.0 and

notify the client to use SSL 3.0 or TLS 1.0 to communicate with the server. In FIPS mode, only TLS 1.0 is
supported.

SSL server policy configuration example

Network requirements

As shown in

Figure 409

, users need to access and control the device through web pages.

For security of the device and to make sure that data is not eavesdropped or tampered with, configure the

device so that users must use HTTPS (Hypertext Transfer Protocol Secure, which uses SSL) to log in to the

web interface of the device.

NOTE:

In this example, Windows Server works as the CA server and the Simple Certificate Enrollment Protocol
(SCEP) plug-in is installed on the CA server.

Before performing the following configurations, make sure that SecPath, the host, and the CA server
have IP connectivity between each other.

Advertising
This manual is related to the following products:

H3C SecPath F5000-A5 Firewall, H3C SecPath F1000-A-EI, H3C SecPath F1000-E-SI, H3C SecPath F1000-S-AI, H3C SecPath F5000-S Firewall, H3C SecPath F5000-C Firewall, H3C SecPath F100-C-SI, H3C SecPath F1000-C-SI, H3C SecPath F100-A-SI, H3C SecBlade FW Cards, H3C SecBlade FW Enhanced Cards, H3C SecPath U200-A U200-M U200-S, H3C SecPath U200-CA U200-CM U200-CS, H3C SecBlade LB Cards, H3C SecPath L1000-A Load Balancer

Popular Brands
Popular manuals