# ciphersuite

## Syntax

In non-FIPS mode:

**ciphersuite** [ **rsa_aes_128_cbc_sha** | **rsa_des_cbc_sha** | **rsa_rc4_128_md5** | **rsa_rc4_128_sha** ] *

In FIPS mode:

**ciphersuite** [ **dhe_rsa_aes_128_cbc_sha**** | ****rsa_aes_128_cbc_sha** ] *

## View

SSL server policy view

## Default level

2: System level

## Parameters

**dhe_rsa_aes_128_cbc_sha**: Specifies the key exchange algorithm DHE RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.

**rsa_aes_128_cbc_sha**: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.

**rsa_****d****es_cbc_sha**: Specifies the key exchange algorithm RSA, the data encryption algorithm DES_CBC, and the MAC algorithm SHA.

**rsa_****rc4****_128_****md5**: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm MD5.

**rsa_****rc4****_128_****sha**: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm SHA.

## Description

Use **ciphersuite** to specify the cipher suites for an SSL server policy to support.

By default, an SSL server policy supports all cipher suites.

With no keyword specified, the command configures an SSL server policy to support all cipher suites.

If you execute the command repeatedly, the last one takes effect.

Related commands: **display ****ssl**** server-****policy**.

## Examples

# Configure SSL server policy policy1 to support cipher suites **rsa_rc4_128_md5** and **rsa_rc4_128_sha**.

<Sysname> system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] ciphersuite rsa_rc4_128_md5 rsa_rc4_128_sha