422
exp_rsa_rc4_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the data
encryption algorithm RC4, and the MAC algorithm MD5.
rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm
3DES_EDE_CBC, and the MAC algorithm SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit
AES_CBC, and the MAC algorithm SHA.
rsa_aes_256_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 256-bit
AES_CBC, and the MAC algorithm SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm DES_CBC,
and the MAC algorithm SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit
RC4, and the MAC algorithm MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4,
and the MAC algorithm SHA.
Usage guidelines
SSL employs the following algorithms:
• Data encryption algorithms—Encrypt data to ensure privacy. Commonly used data encryption
algorithms are usually symmetric key algorithms, such as DES_CBC, 3DES_EDE_CBC, AES_CBC,
and RC4. When using a symmetric key algorithm, the SSL server and the SSL client must use the
same key.
• Message Authentication Code (MAC) algorithms—Calculate the MAC value for data to ensure
integrity. Commonly used MAC algorithms include MD5 and SHA. When using a MAC algorithm,
the SSL server and the SSL client must use the same key.
• Key exchange algorithms—Implement secure exchange of the keys used by the symmetric key
algorithm and the MAC algorithm. Commonly used key exchange algorithms are usually
asymmetric key algorithms, such as RSA.
After the SSL server receives a cipher suite from a client, the server matches the received cipher suite
against the cipher suits it supports. If a match is found, the cipher suite negotiation succeeds. Otherwise,
the negotiation fails.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure SSL server policy policy1 to support the following cipher suites:
• Key exchange algorithm DHE RSA, data encryption algorithm 128-bit AES, and MAC algorithm
SHA
• Key exchange algorithm RSA, data encryption algorithm 128-bit AES, and MAC algorithm SHA
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite dhe_rsa_aes_128_cbc_sha
rsa_aes_128_cbc_sha
Related commands
• display ssl server-policy
• prefer-cipher
To Next Page
Loading...
Need help?
General
