Ciphersuites; Configuring Secure Http Servers And Clients - Cisco Catalyst 3750-E Software Configuration Manual

Hide thumbs Also See for Catalyst 3750-E:
Table of Contents

Advertisement

Chapter 9
Configuring Switch-Based Authentication

CipherSuites

A CipherSuite specifies the encryption algorithm and the digest algorithm to use on a SSL connection.
When connecting to the HTTPS server, the client Web browser offers a list of supported CipherSuites,
and the client and server negotiate the best encryption algorithm to use from those on the list that are
supported by both. For example, Netscape Communicator 4.76 supports U.S. security with RSA Public
Key Cryptography, MD2, MD5, RC2-CBC, RC4, DES-CBC, and DES-EDE3-CBC.
For the best possible encryption, you should use a client browser that supports 128-bit encryption, such
as Microsoft Internet Explorer Version 5.5 (or later) or Netscape Communicator Version 4.76 (or later).
The SSL_RSA_WITH_DES_CBC_SHA CipherSuite provides less security than the other CipherSuites,
as it does not offer 128-bit encryption.
The more secure and more complex CipherSuites require slightly more processing time. This list defines
the CipherSuites supported by the switch and ranks them from fastest to slowest in terms of router
processing load (speed):
1.
2.
3.
4.
RSA (in conjunction with the specified encryption and digest algorithm combinations) is used for both
key generation and authentication on SSL connections. This usage is independent of whether or not a
CA trustpoint is configured.

Configuring Secure HTTP Servers and Clients

These sections contain this configuration information:
Default SSL Configuration
The standard HTTP server is enabled.
SSL is enabled.
No CA trustpoints are configured.
No self-signed certificates are generated.
OL-9775-08
SSL_RSA_WITH_DES_CBC_SHA—RSA key exchange (RSA Public Key Cryptography) with
DES-CBC for message encryption and SHA for message digest
SSL_RSA_WITH_RC4_128_MD5—RSA key exchange with RC4 128-bit encryption and MD5 for
message digest
SSL_RSA_WITH_RC4_128_SHA—RSA key exchange with RC4 128-bit encryption and SHA for
message digest
SSL_RSA_WITH_3DES_EDE_CBC_SHA—RSA key exchange with 3DES and DES-EDE3-CBC
for message encryption and SHA for message digest
Default SSL Configuration, page 9-51
SSL Configuration Guidelines, page 9-52
Configuring a CA Trustpoint, page 9-52
Configuring the Secure HTTP Server, page 9-53
Configuring the Secure HTTP Client, page 9-54
Configuring the Switch for Secure Socket Layer HTTP
Catalyst 3750-E and 3560-E Switch Software Configuration Guide
9-51

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Catalyst3560-e

Table of Contents