R3102-R3103-HP 6600/HSR6600 Routers Security Command Reference
389
rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
DES_CBC, and the MAC algorithm of SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit RC4, and the MAC algorithm of MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of SHA.
Usage guidelines
With no keyword specified, the command configures an SSL server policy to support all cipher suites.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure SSL server policy policy1 to support cipher suites rsa_rc4_128_md5 and rsa_rc4_128_sha.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite rsa_rc4_128_md5 rsa_rc4_128_sha
Related commands
display ssl server-policy
client-verify enable
Use client-verify enable to configure the SSL server to require the client to pass certificate-based
authentication.
Use undo client-verify enable to restore the default.
Syntax
client-verify enable
undo client-verify enable
Default
The SSL server does not require certificate-based SSL client authentication.
Views
SSL server policy view
Default command level
2: System level
Usage guidelines
If you configure the client-verify enable command and enable the SSL client weak authentication function,
whether the client must be authenticated is up to the client. If the client chooses to be authenticated, the
client must pass authentication before accessing the SSL server; otherwise, the client can access the SSL
server without authentication.
If you configure the client-verify enable command but disable the SSL client weak authentication function,
the SSL client must pass authentication before accessing the SSL server.
Examples
# Configure the SSL server to require certificate-based SSL client authentication.