313
Ste
Command
Remarks
5. Specify the preferred cipher
suite for the SSL client policy.
• In non-FIPS mode:
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 |
exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
• In FIPS mode:
{ In Release 2307 and Release
2310:
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha
| dhe_rsa_aes_256_cbc_sha
| rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
{ In Release 2311P04 and later
versions:
prefer-cipher
{ rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
• In non-FIPS mode:
The default preferred cipher
suite is rsa_rc4_128_md5.
• In FIPS mode:
The default preferred cipher
suite is
sa_aes_128_cbc_sha.
6. Specify the SSL version for the
SSL client policy.
• In non-FIPS mode:
version { ssl3.0 | tls1.0 }
• In FIPS mode:
version tls1.0
By default, an SSL client policy
uses TLS 1.0.
7. Enable the SSL client to
authenticate servers through
digital certificates.
server-verify enable The default setting is enabled.
Displaying and maintaining SSL
Execute display commands in any view.
Task Command
Display SSL server policy information. display ssl server-policy [ policy-name ]
Display SSL client policy information. display ssl client-policy [ policy-name ]
To Next Page
Loading...
