R3721-F3210-F3171-HP High-End Firewalls Network Management Command Reference-6PW101
999
[Sysname-ssl-server-policy-policy1] pki-domain server-domain
# Configure SSL client policy policy1 to use PKI domain client-domain.
<Sysname> system-view
[Sysname] ssl client-policy policy1
[Sysname-ssl-client-policy-policy1] pki-domain client-domain
prefer-cipher
Syntax
In non-FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 |
rsa_rc4_128_sha }
undo prefer-cipher
In FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
undo prefer-cipher
View
SSL client policy view
Default level
2: System level
Parameters
dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption
algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA.
dhe_rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption
algorithm of 256-bit AES_CBC, and the MAC algorithm of SHA.
rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
3DES_EDE_CBC, and the MAC algorithm of SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit AES_CBC, and the MAC algorithm of SHA.
rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
256-bit AES_CBC, and the MAC algorithm of SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
DES_CBC, and the MAC algorithm of SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit RC4, and the MAC algorithm of MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of SHA.
The following matrix shows the keyword and firewall compatibility: