prefer-cipher

Syntax

In non-FIPS mode:

prefer-cipher { rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }

undo prefer-cipher

In FIPS mode:

prefer-cipher { rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha }

undo prefer-cipher

View

SSL client policy view

Default level

2: System level

Parameters

rsa_3des_ede_cbc_sha: Specifies RSA as the key exchange algorithm, 3DES_EDE_CBC as the data encryption algorithm, and SHA as the MAC algorithm.

rsa_aes_128_cbc_sha: Specifies RSA as the key exchange algorithm, 128-bit AES_CBC as the data encryption algorithm, and SHA as the MAC algorithm.

rsa_aes_256_cbc_sha: Specifies RSA as the key exchange algorithm, 256-bit AES_CBC as the data encryption algorithm, and SHA as the MAC algorithm.

rsa_des_cbc_sha: Specifies RSA as the key exchange algorithm, DES_CBC as the data encryption algorithm, and SHA as the MAC algorithm.

rsa_rc4_128_md5: Specifies RSA as the key exchange algorithm, 128-bit RC4 as the data encryption algorithm, and MD5 as the MAC algorithm.

rsa_rc4_128_sha: Specifies RSA as the key exchange algorithm, 128-bit RC4 as the data encryption algorithm, and SHA as the MAC algorithm.

Description

Use prefer-cipher to specify the preferred cipher suite for an SSL client policy.

Use undo prefer-cipher to restore the default.

By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.

Related commands: display ssl client-policy.

Examples

# Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.

<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha
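
Because a policy with no prefer-cipher line falls back to the default rsa_rc4_128_md5, a configuration audit has to treat a missing line as a finding as well. The following Python script is an added example, not part of the vendor documentation: it reports every SSL client policy whose effective preferred suite is outside the two suites this page lists for FIPS mode. Assumptions: the saved-configuration layout (an unindented "ssl client-policy NAME" line followed by indented sub-commands), the sample configuration, and the function names are constructed for illustration.

```python
import re

# Suites this page lists for FIPS mode; used here as the allowlist.
FIPS_SUITES = {"rsa_aes_128_cbc_sha", "rsa_aes_256_cbc_sha"}
# Default stated on this page when prefer-cipher is not configured.
DEFAULT_SUITE = "rsa_rc4_128_md5"

# Assumed saved-config layout: unindented policy header, indented sub-commands.
POLICY_RE = re.compile(r"^ssl client-policy (\S+)\s*$")
CIPHER_RE = re.compile(r"^\s+prefer-cipher (\S+)\s*$")

def effective_suites(config_text):
    """Return {policy name: (effective suite, explicitly configured?)}."""
    policies, current = {}, None
    for line in config_text.splitlines():
        header = POLICY_RE.match(line)
        if header:
            current = header.group(1)
            policies[current] = (DEFAULT_SUITE, False)  # until overridden
            continue
        cipher = CIPHER_RE.match(line)
        if cipher and current is not None:
            policies[current] = (cipher.group(1), True)
        elif line and not line[0].isspace():
            current = None  # any other unindented line ends the policy block
    return policies

def audit(config_text):
    """Return (policy, suite, source) for each policy outside FIPS_SUITES."""
    findings = []
    for name, (suite, explicit) in sorted(effective_suites(config_text).items()):
        if suite not in FIPS_SUITES:
            findings.append((name, suite, "configured" if explicit else "default"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
#
ssl client-policy policy1
 prefer-cipher rsa_aes_128_cbc_sha
#
ssl client-policy policy2
#
ssl client-policy legacy
 prefer-cipher rsa_des_cbc_sha
#
"""

if __name__ == "__main__":
    for name, suite, source in audit(SAMPLE_CONFIG):
        print(f"{name}: {suite} ({source})")
```

A "default" finding is cleared by adding an explicit prefer-cipher line to the policy, as in the example above.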