HP VPN Firewall Appliances System Management and Maintenance Command Reference

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

221

222

223

224

225

226

227

228

229

230

216

• aes256: Specifies the encryption algorithm aes256-cbc.

• des: Specifies the encryption algorithm des-cbc.

prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is sha1-96.

• md5: Specifies the HMAC algorithm hmac-md5.

• md5-96: Specifies the HMAC algorithm hmac-md5-96.

• sha1: Specifies the HMAC algorithm hmac-sha1.

• sha1-96: Specifies the HMAC algorithm hmac-sha1-96.

prefer-kex: Specifies the preferred key exchange algorithm. The default is dh-group-exchange in

non-FIPS mode, and is dh-group14 in FIPS mode.

• dh-group-exchange: Specifies the key exchange algorithm diffie-hellman-group-exchange-sha1.

• dh-group1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.

• dh-group14: Specifies the key exchange algorithm diffie-hellman-group14-sha1.

prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is aes128.

prefer-stoc-hmac: Specifies the preferred server-to-client HMAC algorithm. The default is sha1-96.

Usage guidelines

When the server adopts publickey authentication to authenticate a client, the client must get the local

private key for digital signature. In non-FIPS mode, because the publickey authentication uses either RSA

or DSA algorithm, you must specify the public key algorithm of the client (by using the identity-key

keyword) in order to get the correct local private key.

In non-FIPS mode, the default algorithms are as follows:

• The public key algorithm is dsa.

• The preferred client-to-server encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is sha1-96.

• The preferred key exchange algorithm is dh-group-exchange.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred server-to-client HMAC algorithm is sha1-96.

In FIPS mode, the default algorithms are as follows:

• The public key algorithm is rsa.

• The preferred client-to-server encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is sha1-96.

• The preferred key exchange algorithm is dh-group14.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred server-to-client HMAC algorithm is sha1-96.

Examples

# Connect to SFTP server 10.1.1.2, using the following connection scheme:

• The preferred key exchange algorithm is dh-group1.

• The preferred server-to-client encryption algorithm is aes128.

• The preferred client-to-server HMAC algorithm is md5.

• The preferred server-to-client HMAC algorithm from is sha1-96.