prefer-cipher

Syntax

In non-FIPS mode:

prefer-cipher { rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }

undo prefer-cipher

In FIPS mode:

prefer-cipher { dhe_rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha }

undo prefer-cipher

View

SSL client policy view

Default level

2: System level

Parameters

dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm DHE RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.

rsa_aes_128_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.

rsa_des_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm DES_CBC, and the MAC algorithm SHA.

rsa_rc4_128_md5: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm MD5.

rsa_rc4_128_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm SHA.

Description

Use prefer-cipher to specify the preferred cipher suite for an SSL client policy.

Use undo prefer-cipher to restore the default.

By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.

Related commands: display ssl client-policy.

Examples

# Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.

<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha