H3C Technologies H3C S6300 Series Switches User Manual
Step 1. Enter system view.
Command: system-view
Remarks: N/A

Step 2. (Optional.) Disable SSL 3.0.
Command: ssl version ssl3.0 disable
Remarks: By default, the device supports SSL 3.0. This command is available in Release 2311P05 and later versions.

Step 3. Create an SSL server policy and enter its view.
Command: ssl server-policy policy-name
Remarks: By default, no SSL server policies exist on the device.

Step 4. (Optional.) Specify a PKI domain for the SSL server policy.
Command: pki-domain domain-name
Remarks: By default, no PKI domain is specified for an SSL server policy. If SSL clients authenticate the server through digital certificates, you must use this command to specify a PKI domain and request a local certificate for the SSL server through the PKI domain. For information about how to create and configure a PKI

Step 5. Specify the cipher suites that the SSL server policy supports.
Command:
• In non-FIPS mode:
  ciphersuite { dhe_rsa_aes_128_cbc_sha | exp_rsa_des_cbc_sha | exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha } *
• In FIPS mode:
  - In Release 2310:
    ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha } *
  - In Release 2311P04 and later versions:
    ciphersuite { rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha } *
Remarks: By default, an SSL server policy supports all cipher suites.

Step 6. Set the maximum number of sessions that the SSL server can cache.
Command: session cachesize size
Remarks: By default, an SSL server can cache a maximum of 500 sessions.
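
An added example (not from the H3C manual): a Python check over a saved configuration that flags the defaults the steps above call out, namely SSL 3.0 left enabled, a server policy with no ciphersuite line, and suites outside an allow-list. The allow-list (the AES suites listed above for FIPS mode), the function name and the indented layout of the constructed sample configurations are assumptions of this example.

```python
# Allow-list chosen for this example: the AES suites the manual lists for FIPS mode.
ALLOWED = {"dhe_rsa_aes_128_cbc_sha", "dhe_rsa_aes_256_cbc_sha",
           "rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha"}

def audit_ssl_config(text):
    """Return (scope, finding) tuples for a saved configuration text."""
    ssl3_disabled, current = False, None
    policies = {}   # policy name -> configured suites, or None if no ciphersuite line
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if not raw[0].isspace():            # unindented line: back in system view
            current = None
            if len(tokens) == 3 and tokens[:2] == ["ssl", "server-policy"]:
                current = tokens[2]
                policies.setdefault(current, None)
            elif tokens == ["ssl", "version", "ssl3.0", "disable"]:
                ssl3_disabled = True
        elif current and tokens[0] == "ciphersuite":
            policies[current] = tokens[1:]  # suites configured inside the policy view
    findings = []
    if not ssl3_disabled:
        findings.append(("global", "SSL 3.0 enabled (default); 'ssl version ssl3.0 disable' missing"))
    for name, suites in policies.items():
        if suites is None:
            findings.append((name, "no ciphersuite line; all cipher suites supported by default"))
        for suite in suites or []:
            if suite not in ALLOWED:
                findings.append((name, "suite outside allow-list: " + suite))
    return findings

# Constructed sample configurations (not taken from a real device).
WEAK_CONFIG = """#
ssl server-policy mgmt
 ciphersuite rsa_aes_128_cbc_sha exp_rsa_rc4_md5 rsa_rc4_128_sha
#
ssl server-policy legacy
 session cachesize 500
"""
HARDENED_CONFIG = """#
ssl version ssl3.0 disable
#
ssl server-policy mgmt
 ciphersuite rsa_aes_128_cbc_sha rsa_aes_256_cbc_sha
"""
```

Calling `audit_ssl_config(WEAK_CONFIG)` returns one global finding and three policy findings; the hardened sample returns an empty list.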