F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

1121

Table Of Contents

1099

rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of

256-bit AES_CBC, and the MAC algorithm of SHA.

rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of

DES_CBC, and the MAC algorithm of SHA.

rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of

128-bit RC4, and the MAC algorithm of MD5.

rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit

RC4, and the MAC algorithm of SHA.

The following matrix shows the keywords rsa_3des_ede_cbc_sha and rsa_aes_256_cbc_sha and

firewalls and UTM compatibility:

Hardware Ke

words com

atible

F1000-A-EI/F1000-S-EI Yes

F1000-E Yes

F5000 No

Firewall module Yes

U200-A Yes

U200-S No

Examples

# Set the preferred cipher suite for SSL client policy policy1 to rsa_aes_128_cbc_sha.

<Sysname> system-view

[Sysname] ssl client-policy policy1

[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_sha

Related commands

display ssl client-policy

server-verify enable

Use server-verify enable to enable certificate-based SSL server authentication so that the SSL client

authenticates the server by the server’s certificate during the SSL handshake process.

Use undo server-verify enable to disable certificate-based SSL server authentication. When

certificate-based SSL server authentication is disabled, it is assumed that the SSL server is valid.

Syntax

server-verify enable

undo server-verify enable

Default

Certificate-based SSL server authentication is enabled.

Views

SSL client policy view