1-6Configuring an SSL Client PolicyAn SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSLclient policy takes effect only after it is associated with an application layer protocol.Configuration PrerequisitesIf the SSL server is configured to authenticate the SSL client, when configuring the SSL client policy,you need to specify the PKI domain to be used for obtaining the certificate of the client. Therefore,before configuring an SSL client policy, you must configure a PKI domain. For details about PKI domainconfiguration, refer to PKI Configuration in the Security Volume.Configuration ProcedureFollow these steps to configure an SSL client policy:To do… Use the command… RemarksEnter system view system-view —Create an SSL client policy andenter its view ssl client-policy policy-name RequiredSpecify a PKI domain for theSSL client policy pki-domain domain-nameOptionalNo PKI domain is configured bydefault.Specify the preferred ciphersuite for the SSL client policyprefer-cipher{ rsa_aes_128_cbc_sha |rsa_des_cbc_sha |rsa_rc4_128_md5 |rsa_rc4_128_sha }Optionalrsa_rc4_128_md5 by defaultSpecify the SSL protocolversion for the SSL client policy version { ssl3.0 | tls1.0 } OptionalTLS 1.0 by defaultIf you enable client authentication on the server, you must request a local certificate for the client.Displaying and Maintaining SSLTo do… Use the command… RemarksDisplay SSL server policyinformationdisplay ssl server-policy{ policy-name | all }Display SSL client policyinformationdisplay ssl client-policy{ policy-name | all }Available in any view