Displaying and maintaining ssl, Troubleshooting ssl, Ssl handshake failure – H3C Technologies H3C S5120 Series Switches User Manual

1-7

To do…

Use the command…

Remarks

Create an SSL client policy and
enter its view

ssl client-policy policy-name

Required

Specify a PKI domain for the
SSL client policy

pki-domain domain-name

Optional

No PKI domain is configured by
default.

Specify the preferred cipher
suite for the SSL client policy

prefer-cipher
{ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }

Optional

rsa_rc4_128_md5 by default

Specify the SSL protocol
version for the SSL client policy

version { ssl3.0 | tls1.0 }

Optional

TLS 1.0 by default

If you enable client authentication on the server, you must request a local certificate for the client.

Displaying and Maintaining SSL

To do…

Use the command…

Remarks

Display SSL server policy
information

display ssl server-policy
{ policy-name | all }

Display SSL client policy
information

display ssl client-policy
{ policy-name | all }

Available in any view

Troubleshooting SSL

SSL Handshake Failure

Symptom

As the SSL server, the device fails to handshake with the SSL client.

Analysis

SSL handshake failure may result from the following causes:

z

The SSL client is configured to authenticate the SSL server, but the SSL server has no certificate or

the certificate is not trusted.

z

The SSL server is configured to authenticate the SSL client, but the SSL client has no certificate or

the certificate is not trusted.

z

The server and the client have no matching cipher suite.