xStack DES-3500 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual
136
Configuration
This window will allow the user to enable SSL on the Switch and implement any one or combination of listed ciphersuites on the
Switch. A
ciphersuite
is a security string that determines the exact cryptographic parameters, specific encryption algorithms and
key sizes to be used for an authentication session. The Switch possesses four possible ciphersuites for the SSL function, which are
all enabled by default. To utilize a particular ciphersuite, disable the unwanted ciphersuites, leaving the desired one for
authentication.
When the SSL function has been enabled, the web will become disabled. To manage the Switch through the web based
management while utilizing the SSL function, the web browser must support SSL encryption and the header of the URL must
begin with https://. (Ex. https://10.90.90.90) Any other method will result in an error and no access can be authorized for the web-
based management.
To view the following window, click
Configuration > Secure Socket Layer (SSL) > Configuration
:
Figure 7- 23. Ciphersuite window
To set up the SSL function on the Switch, configure the following parameters and click
Apply
.
Parameter
Description
RSA with RC4 128
MD5
This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128-
bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this
ciphersuite. This field is
Enabled
by default.
RSA with 3DES EDE
CBC SHA
This ciphersuite combines the RSA key exchange, CBC Block Cipher 3DES_EDE encryption
and the SHA Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite.
This field is
Enabled
by default.
DHS DSS with 3DES
EDE CBC SHA
This ciphersuite combines the DSA Diffie Hellman key exchange, CBC Block Cipher
3DES_EDE encryption and SHA Hash Algorithm. Use the pull-down menu to enable or
disable this ciphersuite. This field is
Enabled
by default.
RSA EXPORT with
RC4 40 MD5
This ciphersuite combines the RSA Export key exchange and stream cipher RC4 encryption
with 40-bit keys. Use the pull-down menu to enable or disable this ciphersuite. This field is
Enabled
by default.
SSL Status
Use the pull-down menu to enable or disable the SSL status on the switch. The default is
Disabled
.
NOTE:
Certain implementations concerning the function and configuration of SSL are not available on
the web-based management of this Switch and need to be configured using the command line
interface. For more information on SSL and its functions, see the
DES-3500 Series Command Line
Reference
Manual
, located on the documentation CD of this product.
NOTE:
Enabling the SSL command will disable the web-based switch management. To log on to the
Switch again, the header of the URL must begin with https://. Entering anything else into the address
field of the web browser will result in an error and no authentication will be granted.