R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101
1000
Ke
y
word F1000-A-EI/S-EI
F1000-E
F5000 Firewall module
rsa_3des_ede_cbc_sha and
rsa_aes_256_cbc_sha
Yes Yes No Yes
Description
Use prefer-cipher to specify the preferred cipher suite for an SSL client policy.
Use undo prefer-cipher to restore the default.
By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.
Related commands: display ssl client-policy.
Examples
# Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha
server-verify enable
Syntax
server-verify enable
undo server-verify enable
View
SSL client policy view
Default level
2: System level
Parameters
None
Description
Use server-verify enable to enable certificate-based SSL server authentication so that the SSL client
authenticates the server by the server's certificate during the SSL handshake process.
Use undo server-verify enable to disable certificate-based SSL server authentication. When
certificate-based SSL server authentication is disabled, it is assumed that the SSL server is valid.
By default, certificate-based SSL server authentication is enabled.
Related commands: display ssl client-policy.
Examples
# Enable certificate-based SSL server authentication.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] server-verify enable