4-13
Cisco Content Services Switch SSL Configuration Guide
OL-5655-01
Chapter 4 Configuring SSL Termination
Configuring Virtual SSL Servers for an SSL Proxy List
If you use the default setting or select the all-cipher-suite option, the CSS sends
the suites in the same order as they appear in Table 4-1, starting with
rsa-with-rc4-128-md5.
Note The all-cipher-suites setting works only when no specifically-defined ciphers are
configured. To return to using the all-cipher-suites setting, you must remove all
specifically-defined ciphers.
Caution The dh-anon series of cipher suites are intended for completely anonymous
Diffie-Hellman communications in which neither party is authenticated. Note that
this cipher suite is vulnerable to attacks.
Cipher suites with “export” in the title indicate that they are intended for use
outside of the domestic United States and that they have encryption algorithms
with limited key sizes.
Table 4-1 SSL Cipher Suites Supported by the CSS
Cipher Suite Exportable
Authentication
Certificate Used
Key Exchange
Algorithm
Used
all-cipher-suites No RSA certificate, DSA
certificate
RSA key exchange,
Diffie-Hellman
rsa-with-rc4-128-md5 No RSA certificate RSA key exchange
rsa-with-rc4-128-sha No RSA certificate RSA key exchange
rsa-with-des-cbc-sha No RSA certificate RSA key exchange
rsa-with-3des-ede-cbc-sha No RSA certificate RSA key exchange
dhe-dss-with-des-cbc-sha No DSA (DSS) certificate Ephemeral
Diffie-Hellman
dhe-dss-with-3des-ede-cbc-sha No DSA (DSS) certificate Ephemeral
Diffie-Hellman
dhe-rsa-with-des-cbc-sha No RSA certificate Ephemeral
Diffie-Hellman key
exchange
To Next Page
Loading...
Need help?
General
