F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

1121

Table Of Contents

1098

<Sysname> system-view

[Sysname] ssl server-policy policy1

[Sysname-ssl-server-policy-policy1] pki-domain server-domain

# Configure SSL client policy policy1 to use PKI domain client-domain.

<Sysname> system-view

[Sysname] ssl client-policy policy1

[Sysname-ssl-client-policy-policy1] pki-domain client-domain

Related commands

• display ssl server-policy

• display ssl client-policy

prefer-cipher

Use prefer-cipher to specify the preferred cipher suite for an SSL client policy.

Use undo prefer-cipher to restore the default.

Syntax

In non-FIPS mode:

prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_3des_ede_cbc_sha |

rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 |

rsa_rc4_128_sha }

undo prefer-cipher

In FIPS mode:

prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha |

rsa_aes_256_cbc_sha }

undo prefer-cipher

Default

The preferred cipher suite for an SSL client policy is rsa_rc4_128_md5.

Views

SSL client policy view

Default command level

2: System level

Parameters

dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption

algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA.

dhe_rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption

algorithm of 256-bit AES_CBC, and the MAC algorithm of SHA.

rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of

3DES_EDE_CBC, and the MAC algorithm of SHA.

rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of

128-bit AES_CBC, and the MAC algorithm of SHA.