F3215-HP Load Balancing Module Security Command Reference-6PW101
178
Usage guidelines
The client-verify weaken command takes effect only when the SSL server requires certificate-based client
authentication.
If the SSL server requires certificate-based client authentication and the SSL client weak authentication
function is enabled, whether the client must be authenticated is up to the client. If the client chooses to be
authenticated, the client must pass authentication before accessing the SSL server; otherwise, the client
can access the SSL server without authentication.
If the SSL server requires certificate-based client authentication and SSL client weak authentication is
disabled, the SSL client must pass authentication before accessing the SSL server.
Examples
# Enable SSL client weak authentication.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] client-verify enable
[Sysname-ssl-server-policy-policy1] client-verify weaken
Related commands
• client-verify enable
• display ssl server-policy
close-mode wait
Use close-mode wait to set the SSL connection close mode to wait mode. In this mode, after sending a
close-notify alert message to a client, the server does not close the connection until it receives a
close-notify alert message from the client.
Use undo close-mode wait to restore the default.
Syntax
close-mode wait
undo close-mode wait
Default
An SSL server sends a close-notify alert message to the client and closes the connection without waiting
for the close-notify alert message from the client.
Views
SSL server policy view
Default command level
2: System level
Examples
# Set the SSL connection close mode to wait.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] close-mode wait
Related commands
display ssl server-policy