R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
352
Ste
p
Command
Remarks
7. Set the maximum number of
cached sessions and the
caching timeout time.
session { cachesize size | timeout
time } *
Optional.
The defaults are as follows:
• 500 for the maximum number
of cached sessions.
• 3600 seconds for the caching
timeout time.
8. Configure the server to require
certificate-based SSL client
authentication.
client-verify enable
Optional.
By default, the SSL server does not
require the client to be
authenticated.
9. Enable SSL client weak
authentication.
client-verify weaken
Optional.
Disabled by default.
This command takes effect only
when the client-verify enable
command is configured.
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
To configure an SSL client policy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create an SSL client policy
and enter its view.
ssl client-policy policy-name N/A
3. Specify a PKI domain for the
SSL client policy.
pki-domain domain-name
Optional.
No PKI domain is specified by
default.
If the SSL server authenticates the
SSL client through a digital
certificate, you must use this
command to specify a PKI domain
and request a local certificate for
the SSL client in the PKI domain.
For information about how to
configure a PKI domain, see
"Configuring PKI."