Step
5.
Specify the preferred cipher
suite for the SSL client policy.
Specify the SSL version for the
6.
SSL client policy.
7.
Enable the SSL client to
authenticate servers through
digital certificates.
Displaying and maintaining SSL
Execute display commands in any view.
Task
Display SSL server policy information.
Display SSL client policy information.
Command
•
In non-FIPS mode:
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha |
dhe_rsa_aes_256_cbc_sha |
exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 |
exp_rsa_rc4_md5 |
rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha |
rsa_des_cbc_sha |
rsa_rc4_128_md5 |
rsa_rc4_128_sha }
•
In FIPS mode:
In Release 2307 and Release
2310:
prefer-cipher
{ dhe_rsa_aes_128_cbc_sha
| dhe_rsa_aes_256_cbc_sha
| rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
In Release 231 1P04 and later
versions:
prefer-cipher
{ rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha }
•
In non-FIPS mode:
version { ssl3.0 | tls1.0 }
•
In FIPS mode:
version tls1.0
server-verify enable
Command
display ssl server-policy [ policy-name ]
display ssl client-policy [ policy-name ]
313
Remarks
•
In non-FIPS mode:
The default preferred cipher
suite is rsa_rc4_128_md5.
•
In FIPS mode:
The default preferred cipher
suite is
sa_aes_128_cbc_sha.
By default, an SSL client policy
uses TLS 1.0.
The default setting is enabled.