R2511-HP MSR Router Series Security Command Reference(V5)
449
rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
3DES_EDE_CBC, and the MAC algorithm of SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit AES_CBC, and the MAC algorithm of SHA.
rsa_aes_256_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
256-bit AES_CBC, and the MAC algorithm of SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
DES_CBC, and the MAC algorithm of SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm of RSA, the data encryption algorithm of
128-bit RC4, and the MAC algorithm of MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm of RSA, the data encryption algorithm of 128-bit
RC4, and the MAC algorithm of SHA.
Usage guidelines
With no keyword specified, the command configures an SSL server policy to support all cipher suites.
If you execute the command multiple times, the most recent configuration takes effect.
Examples
# Configure SSL server policy policy1 to support cipher suites rsa_rc4_128_md5 and rsa_rc4_128_sha.
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] ciphersuite rsa_rc4_128_md5 rsa_rc4_128_sha
Related commands
display ssl server-policy
client-verify enable
Use client-verify enable to configure the SSL server to require the client to pass certificate-based
authentication.
Use undo client-verify enable to restore the default.
Syntax
client-verify enable
undo client-verify enable
Default
The SSL server does not require certificate-based SSL client authentication.
Views
SSL server policy view
Default command level
2: System level
Usage guidelines
If you configure the client-verify enable command and enable the SSL client weak authentication function,
whether the client must be authenticated is up to the client. If the client chooses to be authenticated, the