1-7To do… Use the command… RemarksSpecify the preferred ciphersuite for the SSL client policyprefer-cipher{ rsa_3des_ede_cbc_sha |rsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha |rsa_des_cbc_sha |rsa_rc4_128_md5 |rsa_rc4_128_sha }Optionalrsa_rc4_128_md5 by defaultSpecify the SSL protocolversion for the SSL client policy version { ssl3.0 | tls1.0 } OptionalTLS 1.0 by defaultIf you enable client authentication on the server, you must request a local certificate for the client.Displaying and Maintaining SSLTo do… Use the command… RemarksDisplay SSL server policyinformationdisplay ssl server-policy{ policy-name | all }Display SSL client policyinformationdisplay ssl client-policy{ policy-name | all }Available in any viewTroubleshooting SSLSSL Handshake FailureSymptomAs the SSL server, the device fails to handshake with the SSL client.AnalysisSSL handshake failure may result from the following causes:z No SSL server certificate exists, or the certificate is not trusted.z The server is expected to authenticate the client, but the SSL client has no certificate or thecertificate is not trusted.z The cipher suites used by the server and the client do not match.Solution1) You can issue the debugging ssl command and view the debugging information to locate theproblem:z If the SSL server has no certificate, request one for it.z If the server certificate cannot be trusted, install on the SSL client the root certificate of the CA thatissues the local certificate to the SSL server, or let the server requests a certificate from the CA thatthe SSL client trusts.