F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Create an SSL client policy and enter its view.
  Command: ssl client-policy policy-name
  Remarks: N/A

Step 3. Specify a PKI domain for the SSL client policy.
  Command: pki-domain domain-name
  Remarks: Optional. No PKI domain is specified by default. If the SSL server authenticates the SSL client through a digital certificate, you must use this command to specify a PKI domain and request a local certificate for the SSL client in the PKI domain. For information about how to configure a PKI domain, see VPN Configuration Guide.

Step 4. Specify the preferred cipher suite for the SSL client policy.
  Command (in non-FIPS mode): prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
  Command (in FIPS mode): prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha }
  Remarks: Optional. rsa_rc4_128_md5 by default. Support for the rsa_3des_ede_cbc_sha and the rsa_aes_256_cbc_sha keywords depends on the device model. For more information, see the command reference.

Step 5. Specify the SSL protocol version for the SSL client policy.
  Command: version { ssl3.0 | tls1.0 }
  Remarks: Optional. TLS 1.0 by default.

Step 6. Enable certificate-based SSL server authentication.
  Command: server-verify enable
  Remarks: Optional. Enabled by default.
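Because of the defaults listed above, a client policy that never sets prefer-cipher uses rsa_rc4_128_md5. The following Python script is an added example, not part of the HP guide: it audits the SSL client policies in a saved configuration against the FIPS-mode cipher list given above, applying the documented defaults to any setting that is absent. It assumes each policy appears as an "ssl client-policy" line followed by indented sub-commands, and that "undo server-verify enable" is the form that disables server verification; the sample configuration is constructed.

```python
# Added example: audit SSL client policies against the FIPS-mode cipher list.
FIPS_CIPHERS = {"dhe_rsa_aes_128_cbc_sha", "dhe_rsa_aes_256_cbc_sha",
                "rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha"}
# Defaults as stated in the configuration steps above.
DEFAULTS = {"pki-domain": None, "prefer-cipher": "rsa_rc4_128_md5",
            "version": "tls1.0", "server-verify": "enable"}

def parse_client_policies(config_text):
    """Return {policy_name: settings}, with documented defaults filled in."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if raw.startswith("ssl client-policy ") and len(words) == 3:
            current = policies.setdefault(words[2], dict(DEFAULTS))
        elif not raw.startswith(" "):
            current = None  # any unindented line leaves the policy view
        elif current is not None and words:
            # Assumed disabling form: "undo server-verify enable".
            if words == ["undo", "server-verify", "enable"]:
                current["server-verify"] = "disable"
            elif words[0] in DEFAULTS and len(words) == 2:
                current[words[0]] = words[1]
    return policies

def audit(config_text):
    """Return sorted (policy, finding) pairs for weak effective settings."""
    findings = []
    for name, s in parse_client_policies(config_text).items():
        if s["prefer-cipher"] not in FIPS_CIPHERS:
            findings.append((name, f"cipher {s['prefer-cipher']} not in FIPS-mode list"))
        if s["version"] == "ssl3.0":
            findings.append((name, "protocol version ssl3.0"))
        if s["server-verify"] != "enable":
            findings.append((name, "server certificate verification disabled"))
    return sorted(findings)

# Constructed sample configuration (policy and domain names are hypothetical).
SAMPLE = """\
#
ssl client-policy legacy
 version ssl3.0
 undo server-verify enable
#
ssl client-policy hardened
 pki-domain corp
 prefer-cipher dhe_rsa_aes_256_cbc_sha
#
"""
```

Calling audit(SAMPLE) reports three findings for the "legacy" policy, including the inherited default cipher, and none for "hardened".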
Displaying SSL
Task: Display SSL server policy information.
  Command: display ssl server-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.

Task: Display SSL client policy information.
  Command: display ssl client-policy { policy-name | all } [ | { begin | exclude | include } regular-expression ]
  Remarks: Available in any view.