Step 6. Specify the cipher suites that the SSL server policy supports.

Command:
• In non-FIPS mode:
ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_128_cbc_sha256 | dhe_rsa_aes_256_cbc_sha | dhe_rsa_aes_256_cbc_sha256 | ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_128_gcm_sha256 | ecdhe_ecdsa_aes_256_cbc_sha384 | ecdhe_ecdsa_aes_256_gcm_sha384 | ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_128_gcm_sha256 | ecdhe_rsa_aes_256_cbc_sha384 | ecdhe_rsa_aes_256_gcm_sha384 | exp_rsa_des_cbc_sha | exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha } *
• In FIPS mode:
ciphersuite { ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_256_cbc_sha384 | ecdhe_ecdsa_aes_128_gcm_sha256 | ecdhe_ecdsa_aes_256_gcm_sha384 | ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_128_gcm_sha256 | ecdhe_rsa_aes_256_cbc_sha384 | ecdhe_rsa_aes_256_gcm_sha384 | rsa_aes_128_cbc_sha | rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 } *

Remarks: By default, an SSL server policy supports all cipher suites.

Step 7. Set the maximum number of sessions that the SSL server can cache and the session cache timeout time.

Command:
session { cachesize size | timeout time }

Remarks: By default, the SSL server can cache a maximum of 500 sessions, and the session cache timeout time is 3600 seconds.
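Because a policy with no ciphersuite command supports every suite in the non-FIPS list, a configuration review has to treat a missing ciphersuite line as "all enabled". The following audit sketch is an added example, not part of the vendor documentation; the sample policy text, its one-line layout and the weak-suite tokens are assumptions made for illustration.

```python
import re

# Non-FIPS suite names exactly as listed in the command table above.
NON_FIPS_SUITES = """
dhe_rsa_aes_128_cbc_sha dhe_rsa_aes_128_cbc_sha256
dhe_rsa_aes_256_cbc_sha dhe_rsa_aes_256_cbc_sha256
ecdhe_ecdsa_aes_128_cbc_sha256 ecdhe_ecdsa_aes_128_gcm_sha256
ecdhe_ecdsa_aes_256_cbc_sha384 ecdhe_ecdsa_aes_256_gcm_sha384
ecdhe_rsa_aes_128_cbc_sha256 ecdhe_rsa_aes_128_gcm_sha256
ecdhe_rsa_aes_256_cbc_sha384 ecdhe_rsa_aes_256_gcm_sha384
exp_rsa_des_cbc_sha exp_rsa_rc2_md5 exp_rsa_rc4_md5
rsa_3des_ede_cbc_sha rsa_aes_128_cbc_sha rsa_aes_128_cbc_sha256
rsa_aes_256_cbc_sha rsa_aes_256_cbc_sha256 rsa_des_cbc_sha
rsa_rc4_128_md5 rsa_rc4_128_sha
""".split()

# Assumption (not from the page): name tokens marking export-grade, DES/3DES,
# RC2/RC4 or MD5-based suites, all broadly deprecated for TLS.
WEAK_TOKENS = ("exp_", "_des_", "3des", "rc2", "rc4", "md5")

# Constructed sample policy sections; the layout is assumed for illustration.
DEFAULT_POLICY = "ssl server-policy demo-default\n session cachesize 500\n"
MIXED_POLICY = ("ssl server-policy demo-mixed\n"
                " ciphersuite rsa_rc4_128_sha ecdhe_rsa_aes_128_gcm_sha256\n")
HARDENED_POLICY = ("ssl server-policy demo-hardened\n"
                   " ciphersuite ecdhe_rsa_aes_128_gcm_sha256 ecdhe_rsa_aes_256_gcm_sha384\n")

def enabled_suites(policy_text):
    """Suites a policy supports; no ciphersuite line means the default (all)."""
    chosen = []
    for line in policy_text.splitlines():
        m = re.match(r"\s*ciphersuite\s+(.+)", line)
        if m:
            chosen.extend(m.group(1).split())
    unknown = [s for s in chosen if s not in NON_FIPS_SUITES]
    if unknown:
        raise ValueError(f"unrecognized suite names: {unknown}")
    return chosen or list(NON_FIPS_SUITES)

def audit(policy_text):
    """Return the enabled suites whose names contain a weak token, sorted."""
    return sorted(s for s in enabled_suites(policy_text)
                  if any(tok in s for tok in WEAK_TOKENS))

if __name__ == "__main__":
    for name, text in [("default", DEFAULT_POLICY), ("mixed", MIXED_POLICY),
                       ("hardened", HARDENED_POLICY)]:
        print(name, audit(text) or "no weak suites enabled")
```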