SSL configuration task list, Configuring an SSL server policy, Configuration prerequisites – H3C Technologies H3C WX6000 Series Access Controllers User Manual
algorithm, and master key. An SSL session can be used to establish multiple connections,
reducing session negotiation cost.
• SSL change cipher spec protocol: Used for notification between a client and the server that the subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite and key.
• SSL alert protocol: Allows a client and the server to send alert messages to each other. An alert message contains the alert severity level and a description.
• SSL record protocol: Fragments and compresses the data to be transmitted, calculates and adds a MAC to the data, and encrypts the data before transmitting it to the peer end.
SSL Configuration Task List
Different parameters are required on the SSL server and the SSL client.
Complete the following tasks to configure SSL:
| Task | Remarks |
| --- | --- |
| Configuring an SSL Server Policy | Required |
| Configuring an SSL Client Policy | Optional |
Configuring an SSL Server Policy
An SSL server policy is a set of SSL parameters that a server uses when it boots up. An SSL server policy takes effect only after it is associated with an application layer protocol, such as HTTP.
Configuration Prerequisites
Before configuring an SSL server policy, you must configure a PKI (public key infrastructure) domain.
Configuration Procedure
Follow these steps to configure an SSL server policy:
| To do... | Use the command... | Remarks |
| --- | --- | --- |
| Enter system view | system-view | — |
| Create an SSL server policy and enter its view | ssl server-policy policy-name | Required |
| Specify a PKI domain for the SSL server policy | pki-domain domain-name | Required. By default, no PKI domain is specified for an SSL server policy. |
| Specify the cipher suite(s) for the SSL server policy to support | ciphersuite [ rsa_aes_128_cbc_sha \| rsa_des_cbc_sha \| rsa_rc4_128_md5 \| rsa_rc4_128_sha ] * | Optional. By default, an SSL server policy supports all cipher suites. |
| Set the handshake timeout time for the SSL server | handshake timeout time | Optional. 3,600 seconds by default |
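A configuration check for the procedure above, added here as an example and not taken from the H3C manual: a policy with no ciphersuite line supports all four suites by default, including the DES and RC4 suites that are weak by current standards, so the script reports policies that inherit that default, list a weak suite explicitly, or have no pki-domain. It assumes the saved configuration shows each policy as an `ssl server-policy` line followed by indented subcommands; the sample configuration and the names `parse_policies`, `audit` and `SAMPLE_CONFIG` are constructed for illustration.

```python
import re

# Suites offered by the ciphersuite command that rely on DES or RC4.
WEAK_SUITES = {"rsa_des_cbc_sha", "rsa_rc4_128_md5", "rsa_rc4_128_sha"}
ALL_SUITES = WEAK_SUITES | {"rsa_aes_128_cbc_sha"}

def parse_policies(config_text):
    """Map policy name -> {"pki_domain": str or None, "suites": set or None}."""
    policies, current = {}, None
    for line in config_text.splitlines():
        m = re.match(r"^ssl server-policy (\S+)\s*$", line)
        if m:
            current = policies.setdefault(m.group(1), {"pki_domain": None, "suites": None})
        elif not line.startswith((" ", "\t")):
            current = None  # an unindented line ends the policy view
        elif current is not None and (words := line.split()):
            if words[0] == "pki-domain" and len(words) == 2:
                current["pki_domain"] = words[1]
            elif words[0] == "ciphersuite":
                current["suites"] = set(words[1:])
    return policies

def audit(config_text):
    """Return (policy, issue) tuples, ordered by policy name."""
    findings = []
    for name, p in sorted(parse_policies(config_text).items()):
        if p["pki_domain"] is None:
            findings.append((name, "no pki-domain specified"))
        effective = p["suites"] or ALL_SUITES  # no ciphersuite line: default is all
        weak = sorted(effective & WEAK_SUITES)
        if weak:
            origin = "explicit" if p["suites"] else "default"
            findings.append((name, f"{origin} weak suites: {', '.join(weak)}"))
    return findings

# Constructed sample configuration (assumed layout, not captured from a device).
SAMPLE_CONFIG = """\
ssl server-policy legacy
 pki-domain dom1
#
ssl server-policy hardened
 pki-domain dom1
 ciphersuite rsa_aes_128_cbc_sha
#
ssl server-policy mixed
 ciphersuite rsa_aes_128_cbc_sha rsa_rc4_128_md5
"""
if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```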