R2511-HP MSR Router Series Security Configuration Guide(V5)

Step                                Command                                     Remarks
6. Set the handshake timeout time   handshake timeout time                      Optional.
   for the SSL server.                                                          The default handshake timeout time is 3600 seconds.

7. Set the SSL connection close     close-mode wait                             Optional.
   mode.                                                                        By default, an SSL server sends a close-notify
                                                                                alert message to the client and closes the
                                                                                connection without waiting for the close-notify
                                                                                alert message from the client.

8. Set the maximum number of        session { cachesize size | timeout time } * Optional.
   cached sessions and the caching                                              The defaults are as follows:
   timeout time.                                                                - 500 for the maximum number of cached sessions.
                                                                                - 3600 seconds for the caching timeout time.

9. Configure the server to require  client-verify enable                        Optional.
   certificate-based SSL client                                                 By default, the SSL server does not require the
   authentication.                                                              client to be authenticated.

10. Enable SSL client weak          client-verify weaken                        Optional.
    authentication.                                                             Disabled by default.
                                                                                This command takes effect only when the
                                                                                client-verify enable command is configured.
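
The following audit script is an added example, not part of the HP guide: it reads saved configuration text, resolves each SSL server policy to its effective settings using the defaults given in the Remarks above, and reports the client-authentication state, including the dependency of client-verify weaken on client-verify enable. The `ssl server-policy` stanza header, the one-space indentation of the sample, the sample policies and the function names are assumptions made for this example.

```python
import re

# Defaults from the Remarks column of the SSL server policy steps above.
DEFAULTS = {"handshake_timeout": 3600, "cachesize": 500, "session_timeout": 3600,
            "close_wait": False, "client_verify": False, "weaken": False}

def parse_server_policies(config):
    """Map each 'ssl server-policy' stanza to its effective settings."""
    policies, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # top-level line: new stanza or end of one
            m = re.fullmatch(r"ssl server-policy (\S+)", line)
            cur = policies.setdefault(m.group(1), dict(DEFAULTS)) if m else None
        elif cur is not None:
            if m := re.fullmatch(r"handshake timeout (\d+)", line):
                cur["handshake_timeout"] = int(m.group(1))
            elif line == "close-mode wait":
                cur["close_wait"] = True
            elif line.startswith("session "):
                # 'session { cachesize size | timeout time } *': either or both keywords
                for key, val in re.findall(r"(cachesize|timeout) (\d+)", line):
                    cur["cachesize" if key == "cachesize" else "session_timeout"] = int(val)
            elif line == "client-verify enable":
                cur["client_verify"] = True
            elif line == "client-verify weaken":
                cur["weaken"] = True
    return policies

def findings(policy):
    """Client-authentication findings for one parsed policy."""
    out = []
    if not policy["client_verify"]:
        out.append("client certificate not required (client-verify enable absent)")
        if policy["weaken"]:
            out.append("client-verify weaken has no effect without client-verify enable")
    elif policy["weaken"]:
        out.append("SSL client weak authentication is enabled (client-verify weaken)")
    return out

# Constructed sample configuration (not taken from a real device).
SAMPLE = """#
ssl server-policy mgmt
 handshake timeout 180
 close-mode wait
 session cachesize 100 timeout 600
 client-verify enable
#
ssl server-policy legacy
 session timeout 1200
 client-verify weaken
#
"""

if __name__ == "__main__":
    for name, pol in parse_server_policies(SAMPLE).items():
        print(name, pol, findings(pol))
```
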
Configuring an SSL client policy
An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL
client policy takes effect only after it is associated with an application layer protocol.
To configure an SSL client policy:
Step                                Command                                     Remarks
1. Enter system view.               system-view                                 N/A

2. Create an SSL client policy and  ssl client-policy policy-name               N/A
   enter its view.