prefer-cipher
Syntax
In non-FIPS mode:
prefer-cipher { rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
undo prefer-cipher
In FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha }
undo prefer-cipher
View
SSL client policy view
Default level
2: System level
Parameters
dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm DHE RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit AES_CBC, and the MAC algorithm SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm DES_CBC, and the MAC algorithm SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4, and the MAC algorithm SHA.
Description
Use prefer-cipher to specify the preferred cipher suite for an SSL client policy.
Use undo prefer-cipher to restore the default.
By default, the preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.
Related commands: display ssl client-policy.
Examples
# Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.
<Sysname> system-view [Sysname] ssl client-policy policy1 [Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha