Configuring an SSL client policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL client policy takes effect only after it is associated with an application layer protocol.

To configure an SSL client policy:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create an SSL client policy and enter its view.
   Command: ssl client-policy policy-name
   Remarks: N/A

3. Specify a PKI domain for the SSL client policy.
   Command: pki-domain domain-name
   Remarks: Optional. No PKI domain is specified by default. If SSL client authentication is required, you must specify a PKI domain and request a local certificate for the SSL client in the PKI domain. For information about how to configure a PKI domain, see "Configuring PKI."

4. Specify the preferred cipher suite for the SSL client policy.
   Command:
     • In non-FIPS mode: prefer-cipher { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
     • In FIPS mode: prefer-cipher { rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha }
   Remarks: Optional. By default, the preferred cipher suite of the SSL client policy is rsa_rc4_128_md5.

5. Specify the SSL protocol version for the SSL client policy.
   Command:
     • In non-FIPS mode: version { ssl3.0 | tls1.0 }
     • In FIPS mode: version tls1.0
   Remarks: Optional. The default SSL version is TLS 1.0.

6. Enable certificate-based SSL server authentication.
   Command: server-verify enable
   Remarks: Optional. By default, SSL server authentication is enabled.
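
An added example, not part of the original documentation: a Python check that reads saved configuration text and compares each SSL client policy against the FIPS-mode values and the defaults listed in the steps above, so that a policy left on the default rsa_rc4_128_md5 cipher is reported even though no prefer-cipher line appears in it. The block layout (sub-commands indented by one space, `#` between sections), the `undo server-verify enable` form, and the sample policy and PKI domain names are assumptions.

```python
import re
# From the procedure above: the FIPS-mode cipher list and the documented defaults.
FIPS_CIPHERS = {"rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha"}
DEFAULTS = {"prefer-cipher": "rsa_rc4_128_md5", "version": "tls1.0",
            "pki-domain": None, "server-verify": True}

# Constructed sample config; its layout and the 'undo' line are assumptions.
SAMPLE = """\
ssl client-policy legacy
 version ssl3.0
#
ssl client-policy hardened
 pki-domain corp
 prefer-cipher rsa_aes_256_cbc_sha
#
ssl client-policy noverify
 pki-domain corp
 prefer-cipher rsa_aes_128_cbc_sha
 undo server-verify enable
"""

def parse_policies(text):
    """Return {policy_name: settings}, with documented defaults filled in."""
    policies, current = {}, None
    for raw in text.splitlines():
        line, indented = raw.strip(), raw[:1].isspace()
        m = re.match(r"ssl client-policy (\S+)$", line)
        if m and not indented:
            current = policies.setdefault(m.group(1), dict(DEFAULTS))
        elif current is not None and indented and line:
            words = line.split()
            if len(words) == 2 and words[0] in ("prefer-cipher", "version", "pki-domain"):
                current[words[0]] = words[1]
            elif line in ("server-verify enable", "undo server-verify enable"):
                current["server-verify"] = not line.startswith("undo ")
        else:
            current = None  # '#', a blank line or another top-level command ends the block
    return policies

def audit(text):
    """Return sorted (policy, finding) pairs; an empty list means no findings."""
    findings = []
    for name, p in parse_policies(text).items():
        checks = [(p["prefer-cipher"] not in FIPS_CIPHERS, "cipher " + p["prefer-cipher"]),
                  (p["version"] != "tls1.0", "version " + p["version"]),
                  (not p["server-verify"], "server certificate not verified"),
                  (p["pki-domain"] is None, "no pki-domain for a client certificate")]
        findings += [(name, msg) for failed, msg in checks if failed]
    return sorted(findings)
```

Calling `audit(SAMPLE)` reports the `legacy` and `noverify` policies and nothing for `hardened`; the pki-domain finding matters only where SSL client authentication is required.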