exp_rsa_des_cbc_sha: Specifies the export cipher suite that uses the key exchange algorithm RSA, the
data encryption algorithm DES_CBC, and the MAC algorithm SHA.
exp_rsa_rc2_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the data
encryption algorithm RC2, and the MAC algorithm MD5.
exp_rsa_rc4_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the data
encryption algorithm RC4, and the MAC algorithm MD5.
rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm
3DES_EDE_CBC, and the MAC algorithm SHA.
rsa_aes_128_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit
AES_CBC, and the MAC algorithm SHA.
rsa_aes_256_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 256-bit
AES_CBC, and the MAC algorithm SHA.
rsa_des_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm DES_CBC,
and the MAC algorithm SHA.
rsa_rc4_128_md5: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit
RC4, and the MAC algorithm MD5.
rsa_rc4_128_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm 128-bit RC4,
and the MAC algorithm SHA.
Usage guidelines
SSL employs the following algorithms:
• Data encryption algorithms—Encrypt data to ensure privacy. Commonly used data encryption
algorithms are usually symmetric key algorithms, such as DES_CBC, 3DES_EDE_CBC, AES_CBC,
and RC4. When using a symmetric key algorithm, the SSL server and the SSL client must use the
same key.
• Message Authentication Code (MAC) algorithms—Calculate the MAC value for data to ensure
integrity. Commonly used MAC algorithms include MD5 and SHA. When using a MAC algorithm,
the SSL server and the SSL client must use the same key.
• Key exchange algorithms—Implement secure exchange of the keys used by the symmetric key
algorithm and the MAC algorithm. Commonly used key exchange algorithms are usually
asymmetric key algorithms, such as RSA.
After the SSL server receives a cipher suite from a client, the server matches the received cipher suite
against the cipher suites it supports. If a match is found, the cipher suite negotiation succeeds. Otherwise,
the negotiation fails.
If you execute this command multiple times, the most recent configuration takes effect.
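An added example (not from the vendor documentation): a Python audit helper that splits the keywords listed above into their components, flags export-grade, DES, 3DES, RC2/RC4 and MD5 suites, applies the rule that only the most recent command takes effect, and models the matching step. The `ciphersuite` command name on the configuration lines, the sample configuration, and matching in client preference order are assumptions.

```python
import re

# Keyword grammar taken from the list above: [exp_]rsa_<cipher>_<mac>
SUITE_RE = re.compile(r"^(exp_)?(rsa)_(.+)_(md5|sha)$")

def parse_suite(keyword):
    """Split a keyword into export flag, key exchange, cipher and MAC."""
    m = SUITE_RE.match(keyword)
    if not m:
        raise ValueError(f"unrecognized cipher suite keyword: {keyword}")
    return {"export": bool(m.group(1)), "kx": m.group(2),
            "cipher": m.group(3), "mac": m.group(4)}

def weaknesses(keyword):
    """Return reasons to flag a suite (empty list if none of these checks fire)."""
    s, why = parse_suite(keyword), []
    if s["export"]:
        why.append("export-grade key length")
    if s["cipher"].startswith("rc"):
        why.append("RC2/RC4 cipher")
    elif s["cipher"] == "des_cbc":
        why.append("single DES")
    elif s["cipher"].startswith("3des"):
        why.append("3DES (64-bit block)")
    if s["mac"] == "md5":
        why.append("MD5 MAC")
    return why

def effective_suites(config_text):
    """Only the most recent ciphersuite line in a policy takes effect."""
    lines = [l.split()[1:] for l in config_text.splitlines()
             if l.strip().startswith("ciphersuite ")]
    return lines[-1] if lines else []

def negotiate(client_offer, server_suites):
    """First client suite the server supports (assumed order), or None on failure."""
    return next((s for s in client_offer if s in server_suites), None)

# Constructed sample: the command entered twice in the same policy.
SAMPLE = """ciphersuite rsa_aes_128_cbc_sha rsa_aes_256_cbc_sha
ciphersuite exp_rsa_rc4_md5 rsa_des_cbc_sha rsa_aes_128_cbc_sha"""

if __name__ == "__main__":
    for kw in effective_suites(SAMPLE):
        print(kw, weaknesses(kw) or "ok")
```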
Examples
# Configure the SSL server policy policy1 to support the cipher suite that uses key exchange algorithm
RSA, data encryption algorithm 128-bit AES, and MAC algorithm SHA.
<Sysname> system-view