R0106-HP MSR Router Series Security Configuration Guide(V7)
362
Ste
p
Command
Remarks
4. Specify the preferred cipher suite
for the SSL client policy.
• Low encryption:
prefer-cipher
{ exp_rsa_des_cbc_sha |
rsa_des_cbc_sha }
• High encryption (in non-FIPS
mode):
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 |
exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
• In FIPS mode:
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
• Low encryption:
The default preferred cipher
suite is rsa_des_cbc_sha.
• High encryption (in non-FIPS
mode):
The default preferred cipher
suite is rsa_rc4_128_md5.
• In FIPS mode:
The default preferred cipher
suite is sa_aes_128_cbc_sha.
5. Specify the SSL version for the SSL
client policy.
• In non-FIPS mode:
version { ssl3.0 | tls1.0 }
• In FIPS mode:
version tls1.0
By default, an SSL client policy
uses TLS 1.0.
6. Enable the SSL client to
authenticate servers through
digital certificates.
server-verify enable The default setting is enabled.
Displaying and maintaining SSL
Execute display commands in any view.
Task Command
Display SSL server policy information. display ssl server-policy [ policy-name ]
Display SSL client policy information. display ssl client-policy [ policy-name ]