Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
To configure an SSL client policy:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create an SSL client policy and enter its view.
    Command: ssl client-policy policy-name
    Remarks: N/A

Step 3. Specify a PKI domain for the SSL client policy.
    Command: pki-domain domain-name
    Remarks: Optional. No PKI domain is configured by default. After you specify a PKI domain, the SSL client requests a certificate through the PKI domain. If the SSL server requires certificate-based authentication for SSL clients, you must use this command to specify a PKI domain for the client. For more information about PKI domain configuration, see "Configuring PKI."

Step 4. Specify the preferred cipher suite for the SSL client policy.
    Command:
    • In non-FIPS mode:
      prefer-cipher { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
    • In FIPS mode:
      prefer-cipher { rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha }
    Remarks: Optional. rsa_rc4_128_md5 by default.

Step 5. Specify the SSL protocol version for the SSL client policy.
    Command:
    • In non-FIPS mode:
      version { ssl3.0 | tls1.0 }
    • In FIPS mode:
      version tls1.0
    Remarks: Optional. TLS 1.0 by default.

Step 6. Enable the SSL client to perform certificate-based authentication for the SSL server.
    Command: server-verify enable
    Remarks: Optional. Enabled by default.
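
Because steps 4 to 6 are optional, a policy that omits them runs with the defaults listed above, including rsa_rc4_128_md5. The following added example (not part of the original guide) audits a saved configuration and reports policies whose effective cipher is outside the FIPS-mode list, that select ssl3.0, or that turn off server verification. The sample configuration text, its "#"-separated indented layout, the policy names, and the `undo server-verify enable` form are assumptions.

```python
# Added example: audit SSL client policies in a saved device configuration.
# Defaults and the FIPS-mode cipher list come from the procedure above.
DEFAULTS = {"prefer-cipher": "rsa_rc4_128_md5", "version": "tls1.0",
            "server-verify": "enable"}
FIPS_CIPHERS = {"rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha"}

# Constructed sample; the layout (sections split by "#", sub-commands
# indented by one space) is an assumption, as are the policy names.
SAMPLE_CONFIG = """\
#
ssl client-policy legacy
 version ssl3.0
 undo server-verify enable
#
ssl client-policy defaults-only
 pki-domain corp
#
ssl client-policy hardened
 pki-domain corp
 prefer-cipher rsa_aes_256_cbc_sha
#
"""

def parse_policies(text):
    """Return {policy: effective settings}; omitted commands keep defaults."""
    policies, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if raw.startswith("ssl client-policy ") and len(words) == 3:
            current = policies.setdefault(words[2], dict(DEFAULTS))
        elif not raw.startswith(" "):
            current = None                      # left the policy view
        elif current is not None and words:
            if words[:2] == ["undo", "server-verify"]:   # assumed undo form
                current["server-verify"] = "disable"
            elif len(words) == 2 and words[0] in ("prefer-cipher", "version", "pki-domain"):
                current[words[0]] = words[1]
    return policies

def audit(text):
    """Return {policy: [issues]} judged against the FIPS-mode settings."""
    findings = {}
    for name, p in parse_policies(text).items():
        issues = []
        if p["prefer-cipher"] not in FIPS_CIPHERS:
            issues.append("cipher " + p["prefer-cipher"])
        if p["version"] != "tls1.0":
            issues.append("version " + p["version"])
        if p["server-verify"] != "enable":
            issues.append("server-verify disabled")
        findings[name] = issues
    return findings
```

A policy that sets only a PKI domain is still reported, because its cipher is the implicit default rather than a line visible in the configuration.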