R3204P16-HP Load Balancing Module Security Configuration Guide-6PW101
121
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy
takes effect only after it is associated with an application layer protocol, HTTP protocol, for example.
Configuration prerequisites
When configuring an SSL server policy, you need to specify the PKI domain to be used for obtaining the
server side certificate. Therefore, before configuring an SSL server policy, you must configure a PKI
domain. For more information about PKI domain configuration, see the chapter “PKI configuration.”
Configuration procedure
Follow these steps to configure an SSL server policy:
To do... Use the command...
Remarks
Enter system view system-view —
Create an SSL server policy
and enter its view
ssl server-policy
policy-name
Required
Specify a PKI domain for the
SSL server policy
pki-domain domain-name
Required
By default, no PKI domain is specified for an
SSL server policy.
Specify the cipher suite(s) for
the SSL server policy to
support
ciphersuite
[ rsa_aes_128_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha ] *
Optional
By default, an SSL server policy supports all
cipher suites.
Set the handshake timeout
time for the SSL server
handshake timeout time
Optional
3,600 seconds by default
Set the SSL connection close
mode
close-mode wait
Optional
Not wait by default
Set the maximum number of
cached sessions and the
caching timeout time
session { cachesize size |
timeout time } *
Optional
The defaults are as follows:
• 500 for the maximum number of cached
sessions,
• 3600 seconds for the caching timeout time.
Enable certificate-based SSL
client authentication
client-verify enable
Optional
Not enabled by default