SSL Configuration Task List, Configuring an SSL Server Policy, Configuration Prerequisites – H3C Technologies H3C WX6000 Series Access Controllers User Manual


algorithm, and master key. An SSL session can be used to establish multiple connections,
reducing session negotiation cost.

• SSL change cipher spec protocol: Used by a client and the server to notify each other that subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite and key.

• SSL alert protocol: Allows a client and the server to send alert messages to each other. An alert message contains the alert severity level and a description.

• SSL record protocol: Fragments and compresses data to be transmitted, calculates and adds a MAC to the data, and encrypts the data before transmitting it to the peer end.

SSL Configuration Task List

Different parameters are required on the SSL server and the SSL client.

Complete the following tasks to configure SSL:

| Task | Remarks |
|---|---|
| Configuring an SSL Server Policy | Required |
| Configuring an SSL Client Policy | Optional |

Configuring an SSL Server Policy

An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy takes effect only after it is associated with an application layer protocol such as HTTP.

Configuration Prerequisites

Before configuring an SSL server policy, you must configure a PKI (public key infrastructure) domain.

Configuration Procedure

Follow these steps to configure an SSL server policy:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Create an SSL server policy and enter its view | ssl server-policy policy-name | Required |
| Specify a PKI domain for the SSL server policy | pki-domain domain-name | Required. By default, no PKI domain is specified for an SSL server policy. |
| Specify the cipher suite(s) for the SSL server policy to support | ciphersuite [ rsa_aes_128_cbc_sha \| rsa_des_cbc_sha \| rsa_rc4_128_md5 \| rsa_rc4_128_sha ] * | Optional. By default, an SSL server policy supports all cipher suites. |
| Set the handshake timeout time for the SSL server | handshake timeout time | Optional. 3,600 seconds by default |
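
As an added example (not part of the H3C manual): a short Python audit of a saved configuration against the procedure above, flagging SSL server policies that lack a PKI domain or that, explicitly or through the default of supporting all cipher suites, still allow the DES and RC4 suites. The layout of the saved configuration (policy line at column 0, its sub-commands indented) and the policy and domain names in the sample are assumptions.

```python
# Suites listed on this manual page. Only the AES suite avoids DES, RC4 and MD5.
ALL_SUITES = ["rsa_aes_128_cbc_sha", "rsa_des_cbc_sha",
              "rsa_rc4_128_md5", "rsa_rc4_128_sha"]
WEAK_SUITES = set(ALL_SUITES) - {"rsa_aes_128_cbc_sha"}


def parse_policies(config_text):
    """Return {policy_name: {"pki_domain": str or None, "suites": list or None}}."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if raw[:1].isspace() and current is not None:
            # Indented line: a sub-command of the current policy view (assumed layout).
            if len(words) == 2 and words[0] == "pki-domain":
                current["pki_domain"] = words[1]
            elif words and words[0] == "ciphersuite":
                current["suites"] = words[1:]
        elif len(words) == 3 and words[:2] == ["ssl", "server-policy"]:
            current = policies.setdefault(
                words[2], {"pki_domain": None, "suites": None})
        else:
            current = None  # any other top-level line ends the policy view
    return policies


def audit(config_text):
    """Return sorted (policy, finding) tuples for a saved configuration."""
    findings = []
    for name, policy in parse_policies(config_text).items():
        if policy["pki_domain"] is None:
            findings.append((name, "no pki-domain specified"))
        # No ciphersuite line means the documented default: all suites supported.
        origin = "explicit" if policy["suites"] else "default"
        for suite in policy["suites"] or ALL_SUITES:
            if suite in WEAK_SUITES:
                findings.append((name, f"weak suite {suite} ({origin})"))
    return sorted(findings)


# Constructed sample configuration; names "web", "legacy", "mixed", "corp" are made up.
SAMPLE = """\
#
ssl server-policy web
 pki-domain corp
 ciphersuite rsa_aes_128_cbc_sha
#
ssl server-policy legacy
 pki-domain corp
#
ssl server-policy mixed
 ciphersuite rsa_aes_128_cbc_sha rsa_rc4_128_sha
#
"""

if __name__ == "__main__":
    for policy_name, finding in audit(SAMPLE):
        print(f"{policy_name}: {finding}")
```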
