R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101
993
Ke
y
word F1000-A-EI/S-EI
F1000-E
F5000 Firewall module
rsa_3des_ede_cbc_sha and
rsa_aes_256_cbc_sha
Yes Yes No Yes
Description
Use ciphersuite to specify the cipher suites for an SSL server policy to support.
By default, an SSL server policy supports all cipher suites.
With no keyword specified, the command configures an SSL server policy to support all cipher suites.
If you execute the command repeatedly, the last one takes effect.
Related commands: display ssl server-policy.
Examples
# Configure SSL server policy policy1 to support cipher suites rsa_rc4_128_md5 and rsa_rc4_128_sha.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite rsa_rc4_128_md5 rsa_rc4_128_sha
client-verify enable
Syntax
client-verify enable
undo client-verify enable
View
SSL server policy view
Default level
2: System level
Parameters
None
Description
Use client-verify enable to configure the SSL server to require the client to pass certificate-based
authentication.
Use undo client-verify enable to restore the default.
By default, the SSL server does not require certificate-based SSL client authentication.
If you configure the client-verify enable command and enable the SSL client weak authentication function,
whether the client must be authenticated is up to the client. If the client chooses to be authenticated, the
client must pass authentication before accessing the SSL server; otherwise, the client can access the SSL
server without authentication.
If you configure the client-verify enable command but disable the SSL client weak authentication function,
the SSL client must pass authentication before accessing the SSL server.
Related commands: client-verify weaken and display ssl server-policy.