Configuring an SSL client policy
An SSL client policy is a set of SSL parameters that the client uses to establish a connection to the server. An SSL client policy takes effect only after it is associated with an application such as FTP. For information about FTP, see Fundamentals Configuration Guide.
To configure an SSL client policy:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. (Optional.) Disable SSL session renegotiation for the SSL client. | ssl renegotiation disable | By default, SSL session renegotiation is enabled. |
3. Create an SSL client policy and enter its view. | ssl client-policy policy-name | By default, no SSL client policies exist. |
4. (Optional.) Specify a PKI domain for the SSL client policy. | pki-domain domain-name | By default, no PKI domain is specified for an SSL client policy. If SSL client authentication is required, you must specify a PKI domain and request a local certificate for the SSL client in the PKI domain. For information about configuring a PKI domain, see "Configuring PKI." |
5. Specify the preferred cipher suite for the SSL client policy. |
|
|
6. Specify the SSL protocol version for the SSL client policy. |
| By default, an SSL client policy uses TLS 1.0. To ensure security, do not specify SSL 3.0 for an SSL client policy. |
7. Enable the SSL client to authenticate servers through digital certificates. | server-verify enable | By default, SSL server authentication is enabled. |