Cipher List Formats; Nortel Vpn Gateway; User Guide - Nortel NN46120-104 User Manual

Cipher List Formats

The cipher list you specify for a virtual SSL server consists of one or more
cipher strings separated by colons (e.g.
RC4:+RSA:+ALL:!NULL:!DH:!EXPORT@STRENGTH). Lists of ciphers can be combined
using a logical AND operation (+) (e.g. SHA1+DES represents all cipher suites
containing the SHA1 and the DES algorithms).
In the colon-separated list, any cipher string can be preceded by the
characters !, - or +. These characters serve as modifiers, with the following
meanings:
! permanently deletes the ciphers from the list (e.g. !RSA).
- deletes the ciphers from the list, but the ciphers can be added again
by later options.
+ moves the ciphers to the end of the list. This option doesn't add any
new ciphers; it just moves matching existing ones.
@STRENGTH is placed at the end of the cipher list, and sorts the list in
order of encryption algorithm key length.
The default cipher list used for all virtual SSL servers on the VPN Gateway
is ALL@STRENGTH.
A cipher list consisting of the string RC4:ALL:!DH translates into a
preferred list of ciphers that begins with all ciphers using RC4 as the
encryption algorithm, followed by all cipher suites except the eNULL
ciphers (ALL). The final !DH string means that all cipher suites containing
the DH (Diffie-Hellman) cipher are removed from the list. (Few of the major
web browsers support these ciphers.)
Copyright © 2007-2008 Nortel Networks
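
To review what a cipher list actually leaves enabled, the modifier rules above can be modelled in a few lines. This is an added example, not code from the Nortel manual or the gateway: the suite table is constructed sample data, and sorting longest key first for @STRENGTH is an assumption, since the text does not state the direction.

```python
# Constructed suite table (name, algorithm tags, key bits); illustrative only,
# not the gateway's actual suite inventory.
SUITES = [
    ("DHE-RSA-AES256-SHA", {"DH", "RSA", "AES", "SHA1"}, 256),
    ("AES128-SHA", {"RSA", "AES", "SHA1"}, 128),
    ("DES-CBC3-SHA", {"RSA", "3DES", "SHA1"}, 168),
    ("RC4-SHA", {"RSA", "RC4", "SHA1"}, 128),
    ("RC4-MD5", {"RSA", "RC4", "MD5"}, 128),
    ("DES-CBC-SHA", {"RSA", "DES", "SHA1"}, 56),
    ("EXP-RC4-MD5", {"RSA", "RC4", "MD5", "EXPORT"}, 40),
    ("NULL-SHA", {"RSA", "NULL", "SHA1"}, 0),
]
BITS = {name: bits for name, _, bits in SUITES}

def matches(tags, terms):
    # A+B must match every term; ALL means every suite except the eNULL ones.
    return all(("NULL" not in tags) if t == "ALL" else (t in tags) for t in terms)

def resolve(cipher_list):
    """Return the ordered suite names left after applying each cipher string."""
    active, banned = [], set()
    for part in cipher_list.split(":"):
        rule, _, sort = part.partition("@")
        if rule:
            mod = rule[0] if rule[0] in "!-+" else ""
            hits = [n for n, tags, _ in SUITES if matches(tags, rule[len(mod):].split("+"))]
            if mod == "+":    # move matching suites already in the list to the end
                active = [n for n in active if n not in hits] + [n for n in active if n in hits]
            elif mod:         # "-" and "!" both delete; "!" also blocks re-adding
                active = [n for n in active if n not in hits]
                if mod == "!":
                    banned.update(hits)
            else:             # plain string: append matches not yet listed or banned
                active += [n for n in hits if n not in active and n not in banned]
        if sort == "STRENGTH":  # stable sort, longest key first (assumed direction)
            active.sort(key=lambda n: -BITS[n])
    return active

if __name__ == "__main__":
    for spec in ("ALL@STRENGTH", "RC4:ALL:!DH", "RC4:+RSA:+ALL:!NULL:!DH:!EXPORT@STRENGTH"):
        weak = [n for n in resolve(spec) if BITS[n] < 128]
        print(f"{spec}\n  order: {resolve(spec)}\n  under 128 bits: {weak}")
```

In this model RC4:ALL:!DH still leaves the 56-bit and export suites enabled, and the longer example list resolves to the RC4 suites only, because + never adds suites.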

Nortel VPN Gateway

NN46120-104 02.01 Standard
14 April 2008

User Guide
