ciphersuite
Syntax
In non-FIPS mode:
ciphersuite [ rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] *
In FIPS mode:
ciphersuite [ dhe_rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha ] *
View
SSL server policy view
Default level
2: System level
Parameters
dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm DHE RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm DES_CBC, and the MAC algorithm SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm SHA.
Description
Use ciphersuite to specify the cipher suites for an SSL server policy to support.
By default, an SSL server policy supports all cipher suites.
With no keyword specified, the command configures an SSL server policy to support all cipher suites.
If you execute the command repeatedly, the last one takes effect.
Related commands: display ssl server-policy.
Examples
# Configure SSL server policy policy1 to support cipher suites rsa_rc4_128_md5 and rsa_rc4_128_sha.
<Sysname> system-view [Sysname] ssl server-policy policy1 [Sysname-ssl-server-policy-policy1] ciphersuite rsa_rc4_128_md5 rsa_rc4_128_sha