Step
6. Specify the cipher suites that the SSL server policy supports.
Command
• In non-FIPS mode:
ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_128_cbc_sha256 |
dhe_rsa_aes_256_cbc_sha | dhe_rsa_aes_256_cbc_sha256 |
ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_256_cbc_sha384 |
ecdhe_rsa_aes_128_gcm_sha256 | ecdhe_rsa_aes_256_gcm_sha384 |
ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_256_cbc_sha384 |
ecdhe_ecdsa_aes_128_gcm_sha256 | ecdhe_ecdsa_aes_256_gcm_sha384 |
exp_rsa_des_cbc_sha | exp_rsa_rc2_md5 | exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha256 |
rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 | rsa_des_cbc_sha |
rsa_rc4_128_md5 | rsa_rc4_128_sha } *
• In FIPS mode:
ciphersuite { ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_256_cbc_sha384 |
ecdhe_rsa_aes_128_gcm_sha256 | ecdhe_rsa_aes_256_gcm_sha384 |
ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_256_cbc_sha384 |
ecdhe_ecdsa_aes_128_gcm_sha256 | ecdhe_ecdsa_aes_256_gcm_sha384 |
rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha |
rsa_aes_256_cbc_sha256 } *
Remarks
By default, an SSL server policy supports all cipher suites.
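Because the default enables every suite in the non-FIPS list, including the exp_, DES, RC2, RC4 and MD5 ones, a saved configuration can be audited for policies that rely on that default or list obsolete suites. The script below is an added example, not part of the vendor guide. It assumes each policy block starts with an unindented "ssl server-policy <name>" line, that its settings are indented beneath it, and that the suites follow "ciphersuite" on one line separated by spaces; the sample configuration is constructed.

```python
# Substrings of the suite names in this command that mark obsolete primitives.
WEAK_MARKERS = {
    "exp_": "export-grade key exchange",
    "_des_": "single DES",
    "3des": "3DES (64-bit block)",
    "rc2": "RC2",
    "rc4": "RC4",
    "md5": "MD5 MAC",
}

def classify(suite):
    """Return the reasons a suite name from the ciphersuite command is weak."""
    reasons = [why for marker, why in WEAK_MARKERS.items() if marker in suite]
    if suite.startswith("rsa_"):
        reasons.append("static RSA key exchange, no forward secrecy")
    return reasons

def audit(config_text):
    """Map each SSL server policy to {suite: reasons}. The key '<default>'
    means the policy has no ciphersuite line and so supports every suite."""
    findings, policy = {}, None
    for line in config_text.splitlines():
        words = line.split()
        if line.startswith("ssl server-policy ") and len(words) == 3:
            policy = words[2]
            findings[policy] = {"<default>": ["all cipher suites enabled"]}
        elif policy and words and words[0] == "ciphersuite":
            findings[policy] = {s: classify(s) for s in words[1:] if classify(s)}
        elif policy and line and not line[0].isspace():
            policy = None  # an unindented line ends the policy block
    return findings

# Constructed sample; the block layout is an assumption about the saved config.
SAMPLE = """\
ssl server-policy web
 pki-domain d1
 ciphersuite ecdhe_rsa_aes_256_gcm_sha384 rsa_rc4_128_md5 rsa_aes_128_cbc_sha
ssl server-policy legacy
 pki-domain d1
#
ssl server-policy strict
 ciphersuite ecdhe_ecdsa_aes_128_gcm_sha256
"""

if __name__ == "__main__":
    for name, issues in audit(SAMPLE).items():
        print(name, issues or "ok")
```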