Displaying and maintaining ssl, Troubleshooting ssl, Ssl handshake failure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

322

Step Command

Remarks

3.

Specify a PKI domain for the
SSL client policy.

pki-domain domain-name

Optional.
No PKI domain is configured by

default.
If the SSL server authenticates the
SSL client through a digital

certificate, you must use this

command to specify a PKI domain
and request a local certificate for

the SSL client through the PKI

domain.

4.

Specify the preferred cipher
suite for the SSL client policy.

prefer-cipher
{ rsa_3des_ede_cbc_sha |

rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |

rsa_des_cbc_sha |

rsa_rc4_128_md5 |
rsa_rc4_128_sha }

Optional.
rsa_rc4_128_md5 by default.

5.

Specify the SSL protocol

version for the SSL client
policy.

version { ssl3.0 | tls1.0 }

Optional.
TLS 1.0 by default.

6.

Enable certificate-based SSL

server authentication.

server-verify enable

Optional.
Enabled by default.

Displaying and maintaining SSL

Task Command

Remarks

Display SSL server policy
information.

display ssl server-policy
{ policy-name | all } [ | { begin |

exclude | include }

regular-expression ]

Available in any view

Display SSL client policy
information.

display ssl client-policy
{ policy-name | all } [ | { begin |
exclude | include }

regular-expression ]

Available in any view

Troubleshooting SSL

SSL handshake failure

Symptom

As the SSL server, the device fails to handshake with the SSL client.

Analysis

SSL handshake failure may result from the following causes: