Parameters
domain-name: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If you use this command to specify a PKI domain for an SSL client policy, the SSL client that references the
SSL client policy will obtain its digital certificate through the specified PKI domain.
Examples
# Specify the PKI domain client-domain for the SSL client policy policy1.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] pki-domain client-domain
Related commands
• display ssl client-policy
• pki domain
prefer-cipher
Use prefer-cipher to specify a preferred cipher suite for an SSL client policy.
Use undo prefer-cipher to restore the default.
Syntax
In non-FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
undo prefer-cipher
In FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
undo prefer-cipher
Default
In non-FIPS mode, the preferred cipher suite of an SSL client policy is rsa_rc4_128_md5.
In FIPS mode, the preferred cipher suite of an SSL client policy is rsa_aes_128_cbc_sha.
Views
SSL client policy view
Predefined user roles
network-admin
275
To Next Page
Loading...
Need help?
General
