ciphersuite

Use ciphersuite to specify the cipher suites supported by an SSL server policy.

Use undo ciphersuite to restore the default.

Syntax

In non-FIPS mode:

ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_128_cbc_sha256 | dhe_rsa_aes_256_cbc_sha | dhe_rsa_aes_256_cbc_sha256 | ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_128_gcm_sha256 | ecdhe_ecdsa_aes_256_cbc_sha384 | ecdhe_ecdsa_aes_256_gcm_sha384 | ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_128_gcm_sha256 | ecdhe_rsa_aes_256_cbc_sha384 | ecdhe_rsa_aes_256_gcm_sha384 | exp_rsa_des_cbc_sha | exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha } *

undo ciphersuite

In FIPS mode:

ciphersuite { ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_256_cbc_sha384 | ecdhe_ecdsa_aes_128_gcm_sha256 | ecdhe_ecdsa_aes_256_gcm_sha384 | ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_128_gcm_sha256 | ecdhe_rsa_aes_256_cbc_sha384 | ecdhe_rsa_aes_256_gcm_sha384 | rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 } *

undo ciphersuite

Default

An SSL server policy supports all cipher suites.

Views

SSL server policy view

Predefined user roles

network-admin

mdc-admin

Parameters

dhe_rsa_aes_128_cbc_sha: Specifies the cipher suite that uses key exchange algorithm DHE RSA, data encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA.

dhe_rsa_aes_128_cbc_sha256: Specifies the cipher suite that uses key exchange algorithm DHE RSA, data encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA256.

dhe_rsa_aes_256_cbc_sha: Specifies the cipher suite that uses key exchange algorithm DHE RSA, data encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA.

dhe_rsa_aes_256_cbc_sha256: Specifies the cipher suite that uses key exchange algorithm DHE RSA, data encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA256.

ecdhe_ecdsa_aes_128_cbc_sha256: Specifies the cipher suite that uses key exchange algorithm ECDHE ECDSA, data encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA256.

ecdhe_ecdsa_aes_128_gcm_sha256: Specifies the cipher suite that uses key exchange algorithm ECDHE ECDSA, data encryption algorithm 128-bit AES_GCM, and MAC algorithm SHA256.

ecdhe_ecdsa_aes_256_cbc_sha384: Specifies the cipher suite that uses key exchange algorithm ECDHE ECDSA, data encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA384.

ecdhe_ecdsa_aes_256_gcm_sha384: Specifies the cipher suite that uses key exchange algorithm ECDHE ECDSA, data encryption algorithm 256-bit AES_GCM, and MAC algorithm SHA384.

ecdhe_rsa_aes_128_cbc_sha256: Specifies the cipher suite that uses key exchange algorithm ECDHE RSA, data encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA256.

ecdhe_rsa_aes_128_gcm_sha256: Specifies the cipher suite that uses key exchange algorithm ECDHE RSA, data encryption algorithm 128-bit AES_GCM, and MAC algorithm SHA256.

ecdhe_rsa_aes_256_cbc_sha384: Specifies the cipher suite that uses key exchange algorithm ECDHE RSA, data encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA384.

ecdhe_rsa_aes_256_gcm_sha384: Specifies the cipher suite that uses key exchange algorithm ECDHE RSA, data encryption algorithm 256-bit AES_GCM, and MAC algorithm SHA384.

exp_rsa_des_cbc_sha: Specifies the export cipher suite that uses key exchange algorithm RSA, data encryption algorithm DES_CBC, and MAC algorithm SHA.

exp_rsa_rc2_md5: Specifies the export cipher suite that uses key exchange algorithm RSA, data encryption algorithm RC2, and MAC algorithm MD5.

exp_rsa_rc4_md5: Specifies the export cipher suite that uses key exchange algorithm RSA, data encryption algorithm RC4, and MAC algorithm MD5.

rsa_3des_ede_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 3DES_EDE_CBC, and MAC algorithm SHA.

rsa_aes_128_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA.

rsa_aes_128_cbc_sha256: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA256.

rsa_aes_256_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA.

rsa_aes_256_cbc_sha256: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA256.

rsa_des_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm DES_CBC, and MAC algorithm SHA.

rsa_rc4_128_md5: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 128-bit RC4, and MAC algorithm MD5.

rsa_rc4_128_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data encryption algorithm 128-bit RC4, and MAC algorithm SHA.

Usage guidelines

SSL employs the following algorithms:

After the SSL server receives a cipher suite from a client, the server matches the received cipher suite against the cipher suites it supports. If a match is found, the cipher suite negotiation succeeds. Otherwise, the negotiation fails.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure SSL server policy policy1 to support the following cipher suites:

<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite dhe_rsa_aes_128_cbc_sha rsa_aes_128_cbc_sha
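
Because the default supports all cipher suites, a non-FIPS policy left at the default also accepts the export, DES, RC2 and RC4 suites listed above. The following is an added example, not part of the vendor documentation: a Python audit that parses a ciphersuite line by the naming scheme in the Parameters section and rewrites it without the weak suites. The function names and the reject/warn policy are assumptions of this example.

```python
import re

# Non-FIPS suite names exactly as listed in the Syntax section of this page.
NON_FIPS_SUITES = (
    "dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_128_cbc_sha256 dhe_rsa_aes_256_cbc_sha "
    "dhe_rsa_aes_256_cbc_sha256 ecdhe_ecdsa_aes_128_cbc_sha256 ecdhe_ecdsa_aes_128_gcm_sha256 "
    "ecdhe_ecdsa_aes_256_cbc_sha384 ecdhe_ecdsa_aes_256_gcm_sha384 ecdhe_rsa_aes_128_cbc_sha256 "
    "ecdhe_rsa_aes_128_gcm_sha256 ecdhe_rsa_aes_256_cbc_sha384 ecdhe_rsa_aes_256_gcm_sha384 "
    "exp_rsa_des_cbc_sha exp_rsa_rc2_md5 exp_rsa_rc4_md5 rsa_3des_ede_cbc_sha "
    "rsa_aes_128_cbc_sha rsa_aes_128_cbc_sha256 rsa_aes_256_cbc_sha rsa_aes_256_cbc_sha256 "
    "rsa_des_cbc_sha rsa_rc4_128_md5 rsa_rc4_128_sha"
).split()
DEFAULT = "ciphersuite " + " ".join(NON_FIPS_SUITES)  # page default: all suites supported

NAME = re.compile(  # [exp_]<key exchange>_<encryption>[_<mode>]_<MAC>
    r"(?P<exp>exp_)?(?P<kx>ecdhe_ecdsa|ecdhe_rsa|dhe_rsa|rsa)_"
    r"(?P<enc>3des_ede|aes_128|aes_256|des|rc2|rc4_128|rc4)"
    r"(?:_(?P<mode>cbc|gcm))?_(?P<mac>sha256|sha384|sha|md5)"
)

def audit_suite(name):
    """Return (reject_reasons, warn_reasons) for one suite name (example policy)."""
    m = NAME.fullmatch(name)
    if m is None or name not in NON_FIPS_SUITES:
        raise ValueError(f"unknown cipher suite: {name}")
    reject, warn = [], []
    if m["exp"]:
        reject.append("export-grade")
    if m["enc"] in ("des", "rc2", "rc4", "rc4_128", "3des_ede"):
        reject.append("weak cipher " + m["enc"])
    if m["mac"] == "md5":
        reject.append("MD5 MAC")
    if m["kx"] == "rsa":
        warn.append("static RSA key exchange, no forward secrecy")
    if m["mode"] == "cbc":
        warn.append("CBC mode")
    return reject, warn

def harden(command, strict=False):
    """Rewrite a 'ciphersuite ...' line without rejected (if strict: also warned) suites."""
    keyword, *suites = command.split()
    if keyword != "ciphersuite":
        raise ValueError("not a ciphersuite command")
    def keep(suite):
        reject, warn = audit_suite(suite)
        return not (reject or (strict and warn))
    kept = [s for s in suites if keep(s)]
    # None means no listed suite passed; do not fall back to the all-suites default.
    return "ciphersuite " + " ".join(kept) if kept else None
```

harden(DEFAULT) gives the line to enter in SSL server policy view in place of the default; strict=True keeps only the ECDHE suites with AES_GCM.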

Related commands

display ssl server-policy

prefer-cipher