exp_rsa_des_cbc_sha: Specifies the export cipher suite that uses the key exchange algorithm RSA, the
data encryption algorithm DES_CBC, and the MAC algorithm SHA.
exp_rsa_rc2_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the data
encryption algorithm RC2, and the MAC algorithm MD5.
exp_rsa_rc4_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the data
encryption algorithm RC4, and the MAC algorithm MD5.
rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm
3DES_EDE_CBC, and the MAC algorithm SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit
AES_CBC, and the MAC algorithm SHA.
rsa_aes_256_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 256-bit
AES_CBC, and the MAC algorithm SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm DES_CBC,
and the MAC algorithm SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit
RC4, and the MAC algorithm MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4,
and the MAC algorithm SHA.
Usage guidelines
SSL employs the following algorithms:
• Data encryption algorithms—Encrypt data to ensure privacy. Commonly used data encryption
algorithms are usually symmetric key algorithms, such as DES_CBC, 3DES_EDE_CBC, AES_CBC,
and RC4. When using a symmetric key algorithm, the SSL server and the SSL client must use the
same key.
• Message Authentication Code (MAC) algorithms—Calculate the MAC value for data to ensure
integrity. Commonly used MAC algorithms include MD5 and SHA. When using a MAC algorithm,
the SSL server and the SSL client must use the same key.
• Key exchange algorithms—Implement secure exchange of the keys used by the symmetric key
algorithm and the MAC algorithm. Commonly used key exchange algorithms are usually
asymmetric key algorithms, such as RSA.
After the SSL server receives a cipher suite from a client, the server matches the received cipher suite
against the cipher suits it supports. If a match is found, the cipher suite negotiation succeeds. Otherwise,
the negotiation fails.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the SSL server policy policy1 to support the cipher suite that uses key exchange algorithm
RSA, data encryption algorithm 128-bit AES, and MAC algorithm SHA
<Sysname> system-view
269
To Next Page
Loading...
Need help?
General
