HP 6125G HP 6125G & 6125G/XG Blade Switches Security Command Reference - Page 250

Use undo server-verify enable to disable certificate-based SSL server authentication. When certificate-based SSL server authentication is disabled, it is assumed that the SSL server is valid. By default, certificate-based SSL server authentication is enabled. Related commands: display ssl client-policy. Examples # Enable certificate-based SSL server authentication. system-view [Sysname] ssl client-policy policy1 [Sysname-ssl-client-policy-policy1] server-verify enable session Syntax session { cachesize size | timeout time } * View undo session { cachesize | timeout } * SSL server policy view Default level 2: System level Parameters cachesize size: Specifies the maximum number of cached sessions, in the range of 100 to 1000. timeout time: Specifies the caching timeout time in seconds, in the range of 1800 to 72000. Description Use session to set the maximum number of cached sessions and the caching timeout time. Use undo session to restore the default. By default, the maximum number of cached sessions is 500 and the caching timeout time is 3600 seconds. It is a complicated process to use the SSL handshake protocol to negotiate session parameters and establish sessions. To simplify the process, SSL allows reusing negotiated session parameters to establish sessions. This feature requires that the SSL server maintain information about existing sessions. The number of cached sessions and the session information caching time are limited: • If the number of sessions in the cache reaches the maximum, SSL rejects to cache new sessions. • If a session has been cached for a period equal to the caching timeout time, SSL will remove the information of the session. Related commands: display ssl server-policy. Examples # Set the caching timeout time to 4000 seconds and the maximum number of cached sessions to 600. system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] session timeout 4000 cachesize 600 241