HP FlexNetwork 7500 Series, Справочник по командам

Страница: 527 / 738

512
Examples
# Specify PKI domain server-domain for SSL server policy policy1 .
<Sysname> system-view
[Sysname] ssl server-policy policy1
[Sysname-ssl-server-policy-policy1] pki-domain server-domain
Related commands
display ssl server-policy
pki domain
prefer-cipher
Use prefer-cipher to specify a preferred cipher suite for an SSL client policy.
Use undo prefer-cipher to restore the default.
Syntax
In non-FIPS mode:
prefer-cipher { dhe_rsa_aes_128_cbc_sha | dhe_rsa_aes_128_cbc_sha256 |
dhe_rsa_aes_256_cbc_sha | dhe_rsa_aes_256_cbc_sha256 |
ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_128_gcm_sha256 |
ecdhe_ecdsa_aes_256_cbc_sha384 | ecdhe_ecdsa_aes_256_gcm_sha384 |
ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_128_gcm_sha256 |
ecdhe_rsa_aes_256_cbc_sha384 | ecdhe_rsa_aes_256_gcm_sha384 | exp_rsa_des_cbc_sha
| exp_rsa_rc2_md5 | exp_rsa_rc4_md5 | rsa_3des_ede_cbc_sha | rsa_aes_128_cbc_sha |
rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 |
rsa_des_cbc_sha | rsa_rc4_128_md5 | rsa_rc4_128_sha }
undo prefer-cipher
In FIPS mode:
prefer-cipher { ecdhe_ecdsa_aes_128_cbc_sha256 | ecdhe_ecdsa_aes_128_gcm_sha256 |
ecdhe_ecdsa_aes_256_cbc_sha384 | ecdhe_ecdsa_aes_256_gcm_sha384 |
ecdhe_rsa_aes_128_cbc_sha256 | ecdhe_rsa_aes_128_gcm_sha256 |
ecdhe_rsa_aes_256_cbc_sha384 | ecdhe_rsa_aes_256_gcm_sha384 | rsa_aes_128_cbc_sha
| rsa_aes_128_cbc_sha256 | rsa_aes_256_cbc_sha | rsa_aes_256_cbc_sha256 }
undo prefer-cipher
Default
In non-FIPS mode:
The preferred cipher suite of an SSL client policy is rsa_rc4_128_md5 .
In FIPS mode:
The preferred cipher suite of an SSL client policy is rsa_aes_128_cbc_sha .
Views
SSL client policy view
Predefined user roles
network-admin
mdc-admin
Parameters
dhe_rsa_aes_128_cbc_sha : Specifies the cipher suite that uses key exchange algorithm DHE RSA,
data encryption algorithm 128-bit AES_CBC, and MAC algorithm SHA.