1954
C
HAPTER
104: SSL C
ONFIGURATION
key. An SSL session can be used to establish multiple connections, reducing
session negotiation cost.
■
SSL change cipher spec protocol: Used for notification between a client and the
server that the subsequent packets are to be protected and transmitted based
on the newly negotiated cipher suite and key.
■
SSL alert protocol: Allowing a client and the server to send alert messages to
each other. An alert message contains the alert severity level and a description.
■
SSL record protocol: Fragmenting and compressing data to be transmitted,
calculating and adding MAC to the data, and encrypting the data before
transmitting it to the peer end.
SSL Configuration
Task List
Different parameters are required on the SSL server and the SSL client.
Complete the following tasks to configure SSL:
Configuring an SSL
Server Policy
An SSL server policy is a set of SSL parameters for a server to use when booting
up. An SSL server policy takes effect only after it is associated with an application
layer protocol, HTTP protocol, for example.
Configuration
Prerequisites
Before configuring an SSL server policy, you must configure PKI (public key
infrastructure) domain. For details about PKI domain configuration, refer to
“Configuring a PKI Domain” on page 1833
.
Configuration Procedure
Follow these steps to configure an SSL server policy:
Task Remarks
“Configuring an SSL Server Policy” on page 1954
Required
“Configuring an SSL Client Policy” on page 1955
Optional
To do...
Use the command... Remarks
Enter system view
system-view
-
Create an SSL server policy
and enter its view
ssl server-policy
policy-name
Required
Specify a PKI domain for the
SSL server policy
pki-domain
domain-name
Required
By default, no PKI domain is
specified for an SSL server
policy.
Specify the cipher suite(s) for
the SSL server policy
ciphersuite
[
rsa_3des_ede_cbc_sha
|
rsa_aes_128_cbc_sha
|
rsa_aes_256_cbc_sha
|
rsa_des_cbc_sha
|
rsa_rc4_128_md5
|
rsa_rc4_128_sha
]
*
Optional
By default, an SSL server
policy supports all the six
cipher suites.
Set the handshake timeout
time for the SSL server
handshake timeout
time
Optional
3,600 seconds by default.
Configure the SSL connection
close mode
close-mode wait
Optional
Not
wait
by default
Содержание MSR 50 Series
Страница 152: ...152 CHAPTER 5 ATM CONFIGURATION...
Страница 209: ...Troubleshooting 209 Use the debugging dialer event and debugging dialer packet commands to locate the problem...
Страница 210: ...210 CHAPTER 6 DCC CONFIGURATION...
Страница 234: ...234 CHAPTER 7 DLSW CONFIGURATION...
Страница 344: ...344 CHAPTER 14 X 25 AND LAPB CONFIGURATION...
Страница 350: ...350 CHAPTER 15 LINK AGGREGATION OVERVIEW...
Страница 358: ...358 CHAPTER 17 MODEM CONFIGURATION...
Страница 486: ...486 CHAPTER 23 MSTP CONFIGURATION...
Страница 506: ...506 CHAPTER 25 VOICE VLAN CONFIGURATION...
Страница 510: ...510 CHAPTER 26 PORT ISOLATION CONFIGURATION...
Страница 524: ...524 CHAPTER 27 DYNAMIC ROUTE BACKUP CONFIGURATION...
Страница 538: ...538 CHAPTER 28 LOGICAL INTERFACE CONFIGURATION...
Страница 548: ...548 CHAPTER 29 CPOS INTERFACE CONFIGURATION...
Страница 572: ...572 CHAPTER 32 DHCP OVERVIEW...
Страница 604: ...604 CHAPTER 36 DHCP SNOOPING CONFIGURATION...
Страница 608: ...608 CHAPTER 37 BOOTP CLIENT CONFIGURATION...
Страница 646: ...646 CHAPTER 42 IP UNICAST POLICY ROUTING CONFIGURATION...
Страница 650: ...650 CHAPTER 43 UDP HELPER CONFIGURATION...
Страница 738: ...738 CHAPTER 50 IPV6 UNICAST POLICY ROUTING CONFIGURATION...
Страница 770: ...770 CHAPTER 51 TERMINAL ACCESS CONFIGURATION...
Страница 798: ...798 CHAPTER 52 FEP INSTALLATION AND CONFIGURATION...
Страница 808: ...808 CHAPTER 53 TERMINAL ACCESS TROUBLESHOOTING...
Страница 814: ...814 CHAPTER 54 TERMINAL ACCESS FAQ...
Страница 824: ...824 CHAPTER 55 IP ROUTING OVERVIEW...
Страница 876: ...876 CHAPTER 56 BGP CONFIGURATION...
Страница 916: ...916 CHAPTER 57 IS IS CONFIGURATION...
Страница 970: ...970 CHAPTER 58 OSPF CONFIGURATION...
Страница 1006: ...1006 CHAPTER 60 ROUTING POLICY CONFIGURATION...
Страница 1013: ...Configuration Example 1013 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Страница 1014: ...1014 CHAPTER 61 STATIC ROUTING CONFIGURATION...
Страница 1048: ...1048 CHAPTER 63 IPV6 IS IS CONFIGURATION...
Страница 1068: ...1068 CHAPTER 64 IPV6 OSPFV3 CONFIGURATION...
Страница 1080: ...1080 CHAPTER 65 IPV6 RIPNG CONFIGURATION...
Страница 1114: ...1114 CHAPTER 68 MULTICAST ROUTING AND FORWARDING CONFIGURATION...
Страница 1160: ...1160 CHAPTER 70 MSDP CONFIGURATION...
Страница 1234: ...1234 CHAPTER 73 MLD CONFIGURATION...
Страница 1278: ...1278 CHAPTER 74 IPV6 PIM CONFIGURATION...
Страница 1310: ...1310 CHAPTER 75 MULTICAST VPN CONFIGURATION...
Страница 1344: ...1344 CHAPTER 76 MPLS BASICS CONFIGURATION...
Страница 1458: ...1458 CHAPTER 78 MPLS L2VPN CONFIGURATION...
Страница 1555: ...MPLS L3VPN Configuration Example 1555 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms...
Страница 1556: ...1556 CHAPTER 79 MPLS L3VPN CONFIGURATION...
Страница 1588: ...1588 CHAPTER 80 DVPN CONFIGURATION...
Страница 1648: ...1648 CHAPTER 85 QOS POLICY CONFIGURATION...
Страница 1696: ...1696 CHAPTER 89 MPLS QOS CONFIGURATION...
Страница 1708: ...1708 CHAPTER 90 DAR CONFIGURATION...
Страница 1728: ...1728 CHAPTER 91 FRAME RELAY QOS CONFIGURATION...
Страница 1750: ...1750 CHAPTER 92 802 1X CONFIGURATION...
Страница 1788: ...1788 CHAPTER 93 AAA RADIUS HWTACACS CONFIGURATION...
Страница 1810: ...1810 CHAPTER 95 MAC AUTHENTICATION CONFIGURATION...
Страница 1850: ...1850 CHAPTER 97 PKI CONFIGURATION...
Страница 1872: ...1872 CHAPTER 98 PORTAL CONFIGURATION...
Страница 1970: ...1970 CHAPTER 106 BACKUP CENTER CONFIGURATION...
Страница 2048: ...2048 CHAPTER 110 NETSTREAM CONFIGURATION...
Страница 2084: ...2084 CHAPTER 112 RMON CONFIGURATION...
Страница 2094: ...2094 CHAPTER 113 SNMP CONFIGURATION...
Страница 2114: ...2114 CHAPTER 115 FTP CONFIGURATION...
Страница 2123: ...System Maintaining Example 2123 The above output shows that nine routers are involved from the source to the destination device...
Страница 2124: ...2124 CHAPTER 117 SYSTEM MAINTAINING AND DEBUGGING...
Страница 2154: ...2154 CHAPTER 119 INFORMATION CENTER CONFIGURATION...
Страница 2170: ...2170 CHAPTER 121 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION...
Страница 2186: ...2186 CHAPTER 123 POE CONFIGURATION...
Страница 2198: ...2198 CHAPTER 125 ACFP CONFIGURATION...
Страница 2206: ...2206 CHAPTER 126 ACSEI CONFIGURATION...
Страница 2216: ...2216 CHAPTER 127 TRACK CONFIGURATION...
Страница 2232: ...2232 CHAPTER 128 IPX CONFIGURATION...
Страница 2242: ...2242 CHAPTER 129 VOICE OVERVIEW...
Страница 2244: ...2244 CHAPTER 130 VOIP OVERVIEW...
Страница 2288: ...2288 CHAPTER 132 VOICE ENTITY CONFIGURATION...
Страница 2342: ...2342 CHAPTER 134 E1 AND T1 CONFIGURATION...
Страница 2354: ...2354 CHAPTER 135 FAX OVER IP CONFIGURATION...
Страница 2366: ...2366 CHAPTER 136 H 323 CONFIGURATION...
Страница 2384: ...2384 CHAPTER 137 SIP OVERVIEW...