Ssl Commands; Ssl Server Policy Configuration Commands; Ciphersuite - HP MSR Series Command Reference Manual

SSL commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Security Configuration Guide.

SSL server policy configuration commands

ciphersuite

Use ciphersuite to specify the cipher suites supported by an SSL server policy.
Use undo ciphersuite to restore the default.
Syntax
In non-FIPS mode:
ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | exp_rsa_des_cbc_sha |
exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha | rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha } *
undo ciphersuite
In FIPS mode:
ciphersuite { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_256_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_256_cbc_sha } *
undo ciphersuite
Default
An SSL server policy supports all cipher suites.
Views
SSL server policy view
Predefined user roles
network-admin
Parameters
dhe_rsa_aes_128_cbc_sha: Specifies the export cipher suite that uses the key exchange algorithm DHE
RSA, the data encryption algorithm 128-bit AES, and the MAC algorithm SHA.
dhe_rsa_aes_256_cbc_sha: Specifies the export cipher suite that uses the key exchange algorithm DHE
RSA, the data encryption algorithm 256-bit AES, and the MAC algorithm SHA.
exp_rsa_des_cbc_sha: Specifies the export cipher suite that uses the key exchange algorithm RSA, the
data encryption algorithm DES_CBC, and the MAC algorithm SHA.
exp_rsa_rc2_md5: Specifies the export cipher suite that uses the key exchange algorithm RSA, the data
encryption algorithm RC2, and the MAC algorithm MD5.
421