Ssl Commands; Ciphersuite - HPE FlexFabric 7900 Series Security Command Reference

SSL commands

The SSL feature is available in Release 2137 and later versions.
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for
features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more
information about FIPS mode, see Security Configuration Guide.

ciphersuite

Use ciphersuite to specify the cipher suites supported by an SSL server policy.
Use undo ciphersuite to restore the default.
Syntax
In non-FIPS mode:
ciphersuite
exp_rsa_des_cbc_sha | exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha |
rsa_aes_128_cbc_sha | rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 |
rsa_rc4_128_sha } *
undo ciphersuite
In FIPS mode:
ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha
| rsa_aes_256_cbc_sha } *
undo ciphersuite
Default
An SSL server policy supports all cipher suites.
Views
SSL server policy view
Predefined user roles
network-admin
mdc-admin
Parameters
dhe_rsa_aes_128_cbc_sha: Specifies the key exchange algorithm DHE RSA, the data encryption
algorithm 128-bit AES, and the MAC algorithm SHA.
dhe_rsa_aes_256_cbc_sha: Specifies the key exchange algorithm DHE RSA, the data encryption
algorithm 256-bit AES, and the MAC algorithm SHA.
exp_rsa_des_cbc_sha: Specifies the export cipher suite that uses the key exchange algorithm
RSA, the data encryption algorithm DES_CBC, and the MAC algorithm SHA.
exp_rsa_rc2_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the
data encryption algorithm RC2, and the MAC algorithm MD5.
exp_rsa_rc4_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the
data encryption algorithm RC4, and the MAC algorithm MD5.
rsa_3des_ede_cbc_sha: Specifies the key exchange algorithm RSA, the data encryption algorithm
3DES_EDE_CBC, and the MAC algorithm SHA.
{ dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha
163
|