
Configuring an ssl server policy, Configuration prerequisites, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual


Configuring an SSL Server Policy

An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy takes effect only after it is associated with an application layer protocol, such as HTTP.

Configuration Prerequisites

When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI domain. For more information about PKI domain configuration, see PKI Configuration in the Firewall Web Configuration Manual.

Configuration Procedure

Follow these steps to configure an SSL server policy:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | `system-view` | |
| Create an SSL server policy and enter its view | `ssl server-policy policy-name` | Required |
| Specify a PKI domain for the SSL server policy | `pki-domain domain-name` | Required. By default, no PKI domain is specified for an SSL server policy. |
| Specify the cipher suite(s) for the SSL server policy to support | `ciphersuite [ rsa_3des_ede_cbc_sha \| rsa_aes_128_cbc_sha \| rsa_aes_256_cbc_sha \| rsa_des_cbc_sha \| rsa_rc4_128_md5 \| rsa_rc4_128_sha ] *` | Optional. By default, an SSL server policy supports all cipher suites. |
| Set the handshake timeout time for the SSL server | `handshake timeout time` | Optional. 3,600 seconds by default |
| Set the SSL connection close mode | `close-mode wait` | Optional. Not wait by default |
| Set the maximum number of cached sessions and the caching timeout time | `session { cachesize size \| timeout time } *` | Optional. The defaults are as follows: 500 for the maximum number of cached sessions, 3600 seconds for the caching timeout time. |
| Enable certificate-based SSL client authentication | `client-verify enable` | Optional. Not enabled by default |
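
A worked run of the procedure above, added here as an example and not taken from the manual. The policy name `myssl` and PKI domain name `1` are hypothetical, the timeout and cache values are constructed (check the ranges your software version accepts), and the `<Sysname>` / `[Sysname-...]` prompts follow the usual Comware convention. Because the default supports all cipher suites, including the single-DES and RC4 ones, the example limits the policy to the two AES suites and turns on client certificate verification.

```text
# Enter system view.
<Sysname> system-view

# Create SSL server policy myssl (hypothetical name) and enter its view.
[Sysname] ssl server-policy myssl

# Bind the PKI domain that holds the server certificate (hypothetical name 1).
# The PKI domain must already exist; no domain is specified by default.
[Sysname-ssl-server-policy-myssl] pki-domain 1

# Offer only the AES suites. Without this command the policy supports all
# six suites, including rsa_des_cbc_sha, rsa_rc4_128_md5 and rsa_rc4_128_sha.
[Sysname-ssl-server-policy-myssl] ciphersuite rsa_aes_128_cbc_sha rsa_aes_256_cbc_sha

# Shorten the handshake timeout from the 3600-second default (constructed value).
[Sysname-ssl-server-policy-myssl] handshake timeout 600

# Wait for the client's close-notify before closing the connection
# (the default is not to wait).
[Sysname-ssl-server-policy-myssl] close-mode wait

# Set the session cache size and caching timeout (constructed values;
# the defaults are 500 sessions and 3600 seconds).
[Sysname-ssl-server-policy-myssl] session cachesize 600 timeout 1800

# Require the client to present a certificate (not enabled by default).
[Sysname-ssl-server-policy-myssl] client-verify enable
```

The policy still has no effect until it is associated with an application layer protocol such as HTTP, as stated at the top of this section.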