Manualshelf

F3215-HP Load Balancing Module Security Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
181182183184185186187188189190
176
SSL configuration commands
ciphersuite
Use ciphersuite to specify the cipher suites for an SSL server policy to support.
Syntax
ciphersuite [rsa_aes_128_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] *
Default
An SSL server policy supports all cipher suites.
Views
SSL server policy view
Default command level
2: System level
Parameters
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit AES_CBC, and the MAC algorithm of SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
DES_CBC, and the MAC algorithm of SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit RC4, and the MAC algorithm of MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of SHA.
Usage guidelines
With no keyword specified, the command configures an SSL server policy to support all cipher suites.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Configure SSL server policy policy1 to support cipher suites rsa_rc4_128_md5 and rsa_rc4_128_sha.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite rsa_rc4_128_md5 rsa_rc4_128_sha
Related commands
display ssl server-policy
client-verify enable
Use client-verify enable to configure the SSL server to require the client to pass certificate-based
authentication.
Use undo client-verify enable to restore the default.