300
Parameters
rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
3DES_EDE_CBC, and the MAC algorithm of SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit AES_CBC, and the MAC algorithm of SHA.
rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
256-bit AES_CBC, and the MAC algorithm of SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
DES_CBC, and the MAC algorithm of SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of SHA.
Description
Use the prefer-cipher command to specify the preferred cipher suite for an SSL client policy.
Use the undo prefer-cipher command to restore the default.
By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.
Related commands: display ssl client-policy.
Examples
# Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha
server-verify enable
Syntax
server-verify enable
undo server-verify enable
View
SSL client policy view
Default level
2: System level
Parameters
None
Description
Use the server-verify enable command to enable certificate-based SSL server authentication so that the
SSL client authenticates the server by the server’s certificate during the SSL handshake process.
Use the undo server-verify enable command to disable certificate-based SSL server authentication. When
certificate-based SSL server authentication is disabled, it is assumed that the SSL server is valid.
To Next Page
Loading...
Need help?
General
