Table of Contents
Advertisement
•
x509v3-ecdsa-sha2-nistp256: Specifies the public key algorithm
x509v3-ecdsa-sha2-nistp256.
•
x509v3-ecdsa-sha2-nistp384: Specifies the public key algorithm
x509v3-ecdsa-sha2-nistp384.
•
pki-domain domain-name: Specifies the PKI domain of the client's certificate. The
domain-name argument is a case-insensitive string of 1 to 31 characters. When the x509v3
public key algorithm is used, you must specify this option for the client to get the correct local
certificate.
prefer-compress: Specifies the preferred compression algorithm for data compression between the
server and the client. By default, compression is not supported.
zlib: Specifies the compression algorithm zlib.
prefer-ctos-cipher: Specifies the preferred client-to-server encryption algorithm. The default is
aes128-ctr. Supported algorithms are des-cbc, 3des-cbc, aes128-cbc, aes128-ctr, aes128-gcm,
aes192-ctr, aes256-cbc, aes256-ctr, and aes256-gcm, in ascending order of security strength and
computation time.
•
3des-cbc: Specifies the encryption algorithm 3des-cbc.
•
aes128-cbc: Specifies the encryption algorithm aes128-cbc.
•
aes128-ctr: Specifies the encryption algorithm aes128-ctr.
•
aes128-gcm: Specifies the encryption algorithm aes128-gcm.
•
aes192-ctr: Specifies the encryption algorithm aes192-ctr.
•
aes256-cbc: Specifies the encryption algorithm aes256-cbc.
•
aes256-ctr: Specifies the encryption algorithm aes256-ctr.
•
aes256-gcm: Specifies the encryption algorithm aes256-gcm.
•
des-cbc: Specifies the encryption algorithm des-cbc.
prefer-ctos-hmac: Specifies the preferred client-to-server HMAC algorithm. The default is
sha2-256. Supported algorithms are md5, md5-96, sha1, sha1-96, sha2-256, and sha2-512, in
ascending order of security strength and computation time.
•
md5: Specifies the HMAC algorithm hmac-md5.
•
md5-96: Specifies the HMAC algorithm hmac-md5-96.
•
sha1: Specifies the HMAC algorithm hmac-sha1.
•
sha1-96: Specifies the HMAC algorithm hmac-sha1-96.
•
sha2-256: Specifies the HMAC algorithm hmac-sha2-256.
•
sha2-512: Specifies the HMAC algorithm hmac-sha2-512.
prefer-kex: Specifies the preferred key exchange algorithm. The default is ecdh-sha2-nistp256.
Supported algorithms are dh-group-exchange-sha1, dh-group1-sha1, dh-group14-sha1,
ecdh-sha2-nistp256, and ecdh-sha2-nistp384, in ascending order of security strength and
computation time.
•
dh-group-exchange-sha1: Specifies the key exchange algorithm
diffie-hellman-group-exchange-sha1.
•
dh-group1-sha1: Specifies the key exchange algorithm diffie-hellman-group1-sha1.
•
dh-group14-sha1: Specifies the key exchange algorithm diffie-hellman-group14-sha1.
•
ecdh-sha2-nistp256: Specifies the key exchange algorithm ecdh-sha2-nistp256.
•
ecdh-sha2-nistp384: Specifies the key exchange algorithm ecdh-sha2-nistp384.
prefer-stoc-cipher: Specifies the preferred server-to-client encryption algorithm. The default is
aes128-ctr. Supported algorithms are the same as the client-to-server encryption algorithms (see
the prefer-ctos-cipher keyword).
479
Advertisement
Table of Contents
