2. Create an SSL client policy and enter its view.
   Command: ssl client-policy policy-name
   Remarks: By default, no SSL client policy exists on the device.

3. (Optional.) Specify a PKI domain for the SSL client policy.
   Command: pki-domain domain-name
   Remarks: By default, no PKI domain is specified for an SSL client policy.
   If SSL client authentication is required, you must specify a PKI domain and request a local certificate for the SSL client in the PKI domain.
   For information about how to create and configure a PKI domain, see "Configuring PKI."

4. Specify the preferred cipher suite for the SSL client policy.
   Command:
   • In non-FIPS mode:
     prefer-cipher
     { dhe_rsa_aes_128_cbc_sha |
     dhe_rsa_aes_256_cbc_sha |
     exp_rsa_des_cbc_sha |
     exp_rsa_rc2_md5 |
     exp_rsa_rc4_md5 |
     rsa_3des_ede_cbc_sha |
     rsa_aes_128_cbc_sha |
     rsa_aes_256_cbc_sha |
     rsa_des_cbc_sha |
     rsa_rc4_128_md5 |
     rsa_rc4_128_sha }
   • In FIPS mode:
     prefer-cipher
     { rsa_aes_128_cbc_sha |
     rsa_aes_256_cbc_sha }
   Remarks:
   • In non-FIPS mode:
     The default preferred cipher suite is rsa_rc4_128_md5.
   • In FIPS mode:
     The default preferred cipher suite is rsa_aes_128_cbc_sha.

5. Specify the SSL version for the SSL client policy.
   Command:
   • In non-FIPS mode:
     version { ssl3.0 | tls1.0 }
   • In FIPS mode:
     version tls1.0
   Remarks: By default, an SSL client policy uses TLS 1.0.

6. Enable the SSL client to authenticate servers through digital certificates.
   Command: server-verify enable
   Remarks: By default, SSL server authentication is enabled.
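
The following Python script is an added example, not part of the original guide. It reads SSL client policy blocks from saved configuration text, fills in the non-FIPS defaults documented above when a line is absent, and reports every effective setting that falls outside the FIPS-mode values listed in steps 4 and 5. The configuration layout, the undo server-verify enable form, the policy names and the sample text are assumptions constructed for the example.

```python
import re

# Values taken from steps 4 and 5 above.
FIPS_CIPHERS = {"rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha"}
DEFAULTS = {"prefer-cipher": "rsa_rc4_128_md5",   # non-FIPS default
            "version": "tls1.0",
            "server-verify": True}

# Constructed sample. Assumed layout: "#" separators, one-space indent,
# defaults not printed, "undo" form for a disabled feature.
SAMPLE_CONFIG = """\
#
ssl client-policy legacy
 prefer-cipher exp_rsa_rc4_md5
 version ssl3.0
 undo server-verify enable
#
ssl client-policy implicit
 pki-domain pki1
#
ssl client-policy hardened
 prefer-cipher rsa_aes_256_cbc_sha
#
"""

def parse_policies(text):
    """Return {policy-name: effective settings}, defaults included."""
    policies, current = {}, None
    for line in text.splitlines():
        m = re.match(r"ssl client-policy (\S+)\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), dict(DEFAULTS))
        elif not line.startswith(" "):
            current = None                      # left the policy view
        elif current is not None:
            words = line.split()
            if len(words) == 2 and words[0] in ("prefer-cipher", "version"):
                current[words[0]] = words[1]
            elif words == ["undo", "server-verify", "enable"]:
                current["server-verify"] = False
    return policies

def audit(text):
    """Return {policy-name: [settings outside the FIPS-mode values]}."""
    return {name: [msg for bad, msg in (
                (p["prefer-cipher"] not in FIPS_CIPHERS,
                 f"prefer-cipher {p['prefer-cipher']} is outside the FIPS-mode list"),
                (p["version"] != "tls1.0",
                 f"version {p['version']} is not available in FIPS mode"),
                (not p["server-verify"], "server-verify is disabled")) if bad]
            for name, p in parse_policies(text).items()}
```

A policy with no prefer-cipher line, such as the constructed "implicit" policy, is still reported because its effective cipher suite is the non-FIPS default rsa_rc4_128_md5.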
Displaying and maintaining SSL
Execute display commands in any view.
Task Command
Display SSL server policy information. display ssl server-policy [ policy-name ]
Display SSL client policy information. display ssl client-policy [ policy-name ]