200To configure an SSL client policy:Step Command Remarks1. Enter system view. system-view N/A2. Create an SSL client policy andenter its view. ssl client-policy policy-name By default, no SSL client policy existson the device.3. (Optional.) Specify a PKIdomain for the SSL client policy. pki-domain domain-nameBy default, no PKI domain is specifiedfor an SSL client policy.If the SSL server authenticates the SSLclient through a digital certificate,you must use this command to specifya PKI domain and request a localcertificate for the SSL client throughthe PKI domain.For information about how to createand configure a PKI domain, see"Configuring PKI."4. Specify the preferred ciphersuite for the SSL client policy.In non-FIPS mode:prefer-cipher{ dhe_rsa_aes_128_cbc_sha |dhe_rsa_aes_256_cbc_sha |exp_rsa_des_cbc_sha |exp_rsa_rc2_md5 |exp_rsa_rc4_md5 |rsa_3des_ede_cbc_sha |rsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha |rsa_des_cbc_sha |rsa_rc4_128_md5 |rsa_rc4_128_sha }In FIPS mode:prefer-cipher{ dhe_rsa_aes_128_cbc_sha |dhe_rsa_aes_256_cbc_sha |rsa_aes_128_cbc_sha |rsa_aes_256_cbc_sha }In non-FIPS mode, the preferredcipher suite is rsa_rc4_128_md5 bydefault.In FIPS mode, the preferred ciphersuite is rsa_aes_128_cbc_sha bydefault.5. Specify the SSL version for theSSL client policy.n non-FIPS mode:version { ssl3.0 | tls1.0 }In FIPS mode:version tls1.0By default, an SSL client policy usesTLS 1.0.6. Enable the SSL client toauthenticate servers throughdigital certificates.server-verify enable The default setting is enabled.Displaying and maintaining SSLExecute display commands in any view.