Nortel Networks 5500 series User Manual


Configuring the domain

Table 8: Configuring SSL Settings (cont’d.)

/cfg/domain #/server/ssl followed by:

The SSL server can use chain certificates only if the protocol version is set to ssl3 or ssl23 (see /cfg/domain #/server/ssl/protocol).

protocol ssl2|ssl3|ssl23|tls1

Specifies the protocol to use when establishing an SSL session with a client. Valid options are:

ssl2 — accept SSL 2.0 only
ssl3 — accept SSL 3.0 and TLS 1.0
ssl23 — accept SSL 2.0, SSL 3.0, and TLS 1.0
tls1 — accept TLS 1.0 only

The default value is ssl3.

verify none|optional|required

Specifies the level of client authentication to use when establishing an SSL session. Valid options are:

none — no client certificate is required
optional — a client certificate is requested, but the client need not present one
required — a client certificate is required

The default value is none.

Not supported in Nortel Secure Network Access Switch Software Release 1.6.1.

ciphers <cipher list>

Specifies the list of preferred ciphers. This information is sent to the backend servers. The default cipher list provides for using lighter encryption algorithms between the SNAS and the backend servers. Both the SNAS and the backend servers typically are behind a firewall in physically secured premises; using lighter encryption algorithms on this network segment should not compromise the overall security. If you change the default list of preferred ciphers, make sure the specified ciphers are

Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100 03.01 Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks.
