To Next Page

To Previous Page

729

rsa_aes_256_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data

encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA.

rsa_des_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data

encryption algorithm DES_CBC, and MAC algorithm SHA.

rsa_rc4_128_md5: Specifies the cipher suite that uses key exchange algorithm RSA, data

encryption algorithm 128-bit RC4, and MAC algorithm MD5.

rsa_rc4_128_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data

encryption algorithm 128-bit RC4, and MAC algorithm SHA.

Usage guidelines

SSL employs the following algorithms:

• Data encryption algorithms—Encrypt data to ensure privacy. Commonly used data

encryption algorithms are usually symmetric key algorithms, such as DES_CBC,

3DES_EDE_CBC, AES_CBC, and RC4. When using a symmetric key algorithm, the SSL

server and the SSL client must use the same key.

• Message Authentication Code (MAC) algorithms—Calculate the MAC value for data to

ensure integrity. Commonly used MAC algorithms include MD5 and SHA. When using a MAC

algorithm, the SSL server and the SSL client must use the same key.

• Key exchange algorithms—Implement secure exchange of the keys used by the symmetric

key algorithm and the MAC algorithm. Commonly used key exchange algorithms are

asymmetric key algorithms, such as RSA.

The SSL client sends the preferred cipher suite to the SSL server. The server compares the received

cipher suite with the cipher suits it supports. If a match is found, the cipher suite negotiation

succeeds. If no match is found, the negotiation fails.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure SSL client policy policy1 to support key exchange algorithm RSA, data encryption

algorithm 128-bit AES_CBC, and MAC algorithm SHA.

<Sysname> system-view

[Sysname] ssl client-policy policy1

[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha

Related commands

ciphersuite

display ssl client-policy

server-verify enable

Use server-verify enable to enable the SSL client to use digital certificates to authenticate SSL

servers.

Use undo server-verify enable to disable SSL server authentication. The SSL client does not

authenticate any SSL servers.

Syntax

server-verify enable

undo server-verify enable

Default

The SSL client uses digital certificates to authenticate SSL servers.

Other manuals for H3C MSR Series

Manual33 pages

Probe Command Reference28 pages

Configuration Guide80 pages

Troubleshooting Guide28 pages

User Guide26 pages

Questions and Answers:

Need help?

Do you have a question about the H3C MSR Series and is the answer not in the manual?

H3C MSR Series Specifications

General

Category	Network Router
IPv6 Support	Yes
Dimensions	Varies by model
Weight	Varies by model
Product Type	Modular Router
Ports	Varies by model
WAN Interfaces	Varies by model
Firewall	Yes
QoS	Yes
Wireless Support	Varies by model
USB Ports	Varies by model
Console Port	Yes
Power Supply	Varies by model
Redundancy	Varies by model
Operating Temperature	0°C to 45°C
Storage Temperature	-40°C to 70°C
Humidity	5% to 95% non-condensing
Series	MSR
Certifications	CE, FCC, RoHS