Table of Contents
Advertisement
Table 5. Available algorithm keywords for the cipher string (continued)
Algorithm keyword Meaning
eNULL or NULL
NULL ciphers offer no encryption at all and are a security
risk. These cipher suites are disabled unless explicitly
included.
The cipher suites offering no authentication. This is
aNULL
currently the anonymous DH algorithms. These cipher suites
are vulnerable to man-in-the-middle attacks. Use is normally
discouraged.
kRSA and RSA
Cipher suites using RSA key exchange.
Cipher suites using ephemeral DH key agreement.
kEDH
kDHr and kDHd
Cipher suites using DH key agreement and DH certificates
signed by Certificate Authorities with RSA and DSS keys
respectively. Not implemented.
Cipher suites using RSA authentication. This is, the
aRSA
certificates carry RSA keys.
aDSS and DSS
Cipher suites using DSS authentication. This is, the
certificates carry DSS keys.
Cipher suites effectively using DH authentication. This is,
aDH
the certificates carry DH keys. Not implemented.
kFZA, aFZA, eFZA or,
Cipher suites using FORTEZZA key exchange,
authentication, encryption, or all FORTEZZA algorithms.
FZA
Not implemented.
TLSv1, SSLv3, and
TLS version 1.0, SSL version 3.0, and SSL version 2.0 cipher
suites, respectively.
SSLv2
Cipher suites using DH, including anonymous DH.
DH
Anonymous DH cipher suites.
ADH
Cipher suites using triple DES.
3DES
Cipher suites using DES, except triple DES.
DES
Cipher suites using RC4.
RC4
Cipher suites using RC2.
RC2
Cipher suites using IDEA.
IDEA
Cipher suites using MD5.
MD5
SHA1 or SHA
Cipher suites using SHA-1.
Cipher suites using AES.
AES
The cipher string consists of one or more cipher keywords separated by
colons. Commas or spaces are acceptable separators, but colons are the
norm.
The cipher string can take different forms.
v A single cipher suite, such as RC4-SHA.
v A list of cipher suites that contains a certain algorithm, or cipher suites
of a certain type. For example SHA1 represents all ciphers suites using the
SHA-1 digest algorithm.
v A combination of single cipher string using the + character, which is
used as a logical AND operation. For example SHA1+DES represents all
cipher suites that contain the SHA-1 and the DES algorithms.
Chapter 11. Crypto configuration mode
233
Advertisement
Table of Contents
