HP VPN Firewall Appliances Network Management Configuration Guide

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an SSL client policy and enter its view.
  Command: ssl client-policy policy-name
  Remarks: N/A

Step 3. Specify a PKI domain for the SSL client policy.
  Command: pki-domain domain-name
  Remarks: Optional. No PKI domain is specified by default. If the SSL server authenticates the SSL client through a digital certificate, you must use this command to specify a PKI domain and request a local certificate for the SSL client in the PKI domain. For information about how to configure a PKI domain, see VPN Configuration Guide.

Step 4. Specify the preferred cipher suite for the SSL client policy.
  Command:
    In non-FIPS mode:
    prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
    In FIPS mode:
    prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha }
  Remarks: Optional. rsa_rc4_128_md5 by default. Support for the rsa_3des_ede_cbc_sha and the rsa_aes_256_cbc_sha keywords depends on the device model. For more information, see Network Management Command Reference.

Step 5. Specify the SSL protocol version for the SSL client policy.
  Command: version { ssl3.0 | tls1.0 }
  Remarks: Optional. TLS 1.0 by default.

Step 6. Enable certificate-based SSL server authentication.
  Command: server-verify enable
  Remarks: Optional. Enabled by default.
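The following Python script is an added example, not part of the HP guide. It audits the SSL client policies in a saved configuration against the defaults listed above, flagging any policy whose effective cipher is outside the FIPS-mode list, that selects ssl3.0, or that disables server verification. Assumptions: the saved configuration shows each policy as an "ssl client-policy" line followed by space-indented commands, omits options left at their defaults, and disables verification with "undo server-verify enable"; the function names and the sample policy and domain names are constructed for illustration.

```python
import re

# Defaults and the FIPS-mode cipher list, both taken from the step table above.
DEFAULTS = {"prefer-cipher": "rsa_rc4_128_md5", "version": "tls1.0", "server-verify": "enable"}
FIPS_CIPHERS = {"dhe_rsa_aes_128_cbc_sha", "dhe_rsa_aes_256_cbc_sha",
                "rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha"}

# Constructed sample; the layout and the "undo" form are assumptions, names are made up.
SAMPLE = """\
ssl client-policy legacy
 pki-domain dom1
#
ssl client-policy relaxed
 prefer-cipher rsa_aes_128_cbc_sha
 version ssl3.0
 undo server-verify enable
#
ssl client-policy tight
 prefer-cipher dhe_rsa_aes_256_cbc_sha
"""

def parse_policies(text):
    """Return {policy name: effective settings}; unset options keep their defaults."""
    policies, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"ssl client-policy (\S+)$", line):
            current = policies.setdefault(m.group(1), dict(DEFAULTS))
        elif current is not None and line.startswith(" "):
            words = line.split()
            if words[:2] == ["undo", "server-verify"]:
                current["server-verify"] = "disable"
            elif len(words) == 2 and words[0] in ("prefer-cipher", "version"):
                current[words[0]] = words[1]
        else:
            current = None  # a "#" or unindented line ends the policy view
    return policies

def audit(text):
    """Return {policy name: [findings]}; an empty list means nothing was flagged."""
    report = {}
    for name, cfg in parse_policies(text).items():
        checks = [
            (cfg["prefer-cipher"] not in FIPS_CIPHERS, "cipher " + cfg["prefer-cipher"]),
            (cfg["version"] == "ssl3.0", "version ssl3.0"),  # deprecated by RFC 7568
            (cfg["server-verify"] != "enable", "server certificate not verified")]
        report[name] = [msg for failed, msg in checks if failed]
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The "legacy" policy is flagged even though it sets no cipher, because an unset prefer-cipher leaves the rsa_rc4_128_md5 default in effect.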
Displaying SSL
Task: Display SSL server policy information.
  Command: display ssl server-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display SSL client policy information.
  Command: display ssl client-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.