HP FlexNetwork MSR Series Command Reference Manual page 663
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Default
An SSL server policy supports all cipher suites.
Views
SSL server policy view
Predefined user roles
network-admin
Parameters
dhe_rsa_aes_128_cbc_sha: Specifies the cipher suite that uses key exchange algorithm DHE
RSA, data encryption algorithm 128-bit AES, and MAC algorithm SHA.
dhe_rsa_aes_256_cbc_sha: Specifies the cipher suite that uses key exchange algorithm DHE
RSA, data encryption algorithm 256-bit AES, and MAC algorithm SHA.
exp_rsa_des_cbc_sha: Specifies the export cipher suite that uses key exchange algorithm RSA,
data encryption algorithm DES_CBC, and MAC algorithm SHA.
exp_rsa_rc2_md5: Specifies the export cipher suite that uses key exchange algorithm RSA, data
encryption algorithm RC2, and MAC algorithm MD5.
exp_rsa_rc4_md5: Specifies the export cipher suite that uses key exchange algorithm RSA, data
encryption algorithm RC4, and MAC algorithm MD5.
rsa_3des_ede_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data
encryption algorithm 3DES_EDE_CBC, and MAC algorithm SHA.
rsa_aes_128_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data
encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA.
rsa_aes_256_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data
encryption algorithm 256-bit AES_CBC, and MAC algorithm SHA.
rsa_des_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data
encryption algorithm DES_CBC, and MAC algorithm SHA.
rsa_rc4_128_md5: Specifies the cipher suite that uses key exchange algorithm RSA, data
encryption algorithm 128-bit RC4, and MAC algorithm MD5.
rsa_rc4_128_sha: Specifies the cipher suite that uses key exchange algorithm RSA, data
encryption algorithm 128-bit RC4, and MAC algorithm SHA.
Usage guidelines
SSL employs the following algorithms:
•
Data encryption algorithms—Encrypt data to ensure privacy. Commonly used data
encryption algorithms are usually symmetric key algorithms, such as DES_CBC,
3DES_EDE_CBC, AES_CBC, and RC4. When using a symmetric key algorithm, the SSL
server and the SSL client must use the same key.
•
Message Authentication Code (MAC) algorithms—Calculate the MAC value for data to
ensure integrity. Commonly used MAC algorithms include MD5 and SHA. When using a MAC
algorithm, the SSL server and the SSL client must use the same key.
•
Key exchange algorithms—Implement secure exchange of the keys used by the symmetric
key algorithm and the MAC algorithm. Commonly used key exchange algorithms are usually
asymmetric key algorithms, such as RSA.
After the SSL server receives a cipher suite from a client, the server compares the received cipher
suite with the cipher suits it supports. If a match is found, the cipher suite negotiation succeeds. If no
match is found, the negotiation fails.
If you execute this command multiple times, the most recent configuration takes effect.
645
Advertisement
