Displaying and maintaining ssl – H3C Technologies H3C S6300 Series Switches User Manual

Page 325

310

Step Command

Remarks

Specify the preferred cipher
suite for the SSL client policy.

•

In non-FIPS mode:
prefer-cipher

{ dhe_rsa_aes_128_cbc_sha |

dhe_rsa_aes_256_cbc_sha |
exp_rsa_des_cbc_sha |

exp_rsa_rc2_md5 |

exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha |

rsa_aes_128_cbc_sha |

rsa_aes_256_cbc_sha |

rsa_des_cbc_sha |
rsa_rc4_128_md5 |

rsa_rc4_128_sha }

•

In FIPS mode:

{

In Release 2310:

prefer-cipher
{ dhe_rsa_aes_128_cbc_sha

| dhe_rsa_aes_256_cbc_sha

| rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }

{

In Release 2311P04 and later
versions:

prefer-cipher

{ rsa_aes_128_cbc_sha |

rsa_aes_256_cbc_sha }

•

In non-FIPS mode:
The default preferred cipher

suite is rsa_rc4_128_md5.

•

In FIPS mode:

The default preferred cipher

suite is

sa_aes_128_cbc_sha.

Specify the SSL version for the
SSL client policy.

•

In non-FIPS mode:
version { ssl3.0 | tls1.0 }

•

In FIPS mode:

version tls1.0

By default, an SSL client policy

uses TLS 1.0.

Enable the SSL client to
authenticate servers through

digital certificates.

server-verify enable

The default setting is enabled.

Displaying and maintaining SSL

Execute display commands in any view.

Task Command

Display SSL server policy information.

display ssl server-policy [ policy-name ]

Display SSL client policy information.

display ssl client-policy [ policy-name ]

This manual is related to the following products:

H3C S5820V2 Series Switches H3C S5830 Series Switches H3C S5830V2 Series Switches H3C S3600V2 Series Switches