8
Parameters
domain-name
: Specifies a PKI domain by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
If you specify a PKI domain for an SSL server policy, the SSL server that uses the SSL server policy
will obtain its digital certificate through the specified PKI domain.
Examples
# Specify PKI domain
server-domain
for SSL server policy
policy1
.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] pki-domain server-domain
Related commands
display ssl server-policy
pki domain
prefer-cipher
Use
prefer-cipher
to specify a preferred cipher suite for an SSL client policy.
Use
undo prefer-cipher
to restore the default.
Syntax
In non-FIPS mode:
prefer-cipher
{
dhe_rsa_aes_128_cbc_sha
|
dhe_rsa_aes_128_cbc_sha256
|
dhe_rsa_aes_256_cbc_sha
|
dhe_rsa_aes_256_cbc_sha256
|
ecdhe_ecdsa_aes_128_cbc_sha256
|
ecdhe_ecdsa_aes_128_gcm_sha256
|
ecdhe_ecdsa_aes_256_cbc_sha384
|
ecdhe_ecdsa_aes_256_gcm_sha384
|
ecdhe_rsa_aes_128_cbc_sha256
|
ecdhe_rsa_aes_128_gcm_sha256
|
ecdhe_rsa_aes_256_cbc_sha384
|
ecdhe_rsa_aes_256_gcm_sha384
|
exp_rsa_des_cbc_sha
|
exp_rsa_rc2_md5
|
exp_rsa_rc4_md5
|
rsa_3des_ede_cbc_sha
|
rsa_aes_128_cbc_sha
|
rsa_aes_128_cbc_sha256
|
rsa_aes_256_cbc_sha
|
rsa_aes_256_cbc_sha256
|
rsa_des_cbc_sha
|
rsa_rc4_128_md5
|
rsa_rc4_128_sha
}
undo prefer-cipher
In FIPS mode:
prefer-cipher
{
ecdhe_ecdsa_aes_128_cbc_sha256
|
ecdhe_ecdsa_aes_128_gcm_sha256
|
ecdhe_ecdsa_aes_256_cbc_sha384
|
ecdhe_ecdsa_aes_256_gcm_sha384
|
ecdhe_rsa_aes_128_cbc_sha256
|
ecdhe_rsa_aes_128_gcm_sha256
|
ecdhe_rsa_aes_256_cbc_sha384
|
ecdhe_rsa_aes_256_gcm_sha384
|
rsa_aes_128_cbc_sha
|
rsa_aes_128_cbc_sha256
|
rsa_aes_256_cbc_sha
|
rsa_aes_256_cbc_sha256
}
undo prefer-cipher
Default
In non-FIPS mode:
The preferred cipher suite of an SSL client policy is
rsa_rc4_128_md5
.
In FIPS mode:
The preferred cipher suite of an SSL client policy is
rsa_aes_128_cbc_sha
.
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...