Manualshelf

R2511-HP MSR Router Series Security Command Reference(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
461462463464465466467468469470
448
SSL configuration commands
For encryption, SSL needs an encryption daughter card. MSR900, MSR93X and MSR20-1X routers do
not support encryption daughter cards.
The following matrix shows the FIPS and hardware compatibility:
Hardware FIPS mode
MSR900 No.
MSR93X No.
MSR20-1X No.
MSR20 Yes.
MSR30 Yes (except the MSR30-16).
MSR50 Yes.
MSR1000 Yes.
ciphersuite
Use ciphersuite to specify the cipher suites for an SSL server policy to support.
Syntax
In non-FIPS mode:
ciphersuite [ rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha |
rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha ] *
In FIPS mode:
ciphersuite [ dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha ] *
Default
An SSL server policy supports all cipher suites.
Views
SSL server policy view
Default command level
2: System level
Parameters
dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption
algorithm of 128-bit AES_CBC, and the MAC algorithm of SHA.
dhe_rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of DH_RSA, the data encryption
algorithm of 256-bit AES_CBC, and the MAC algorithm of SHA.