ssl ciphersuit

Function

The ssl ciphersuit command sets SSL encryption suites.

The undo ssl ciphersuit command restores the default settings of SSL encryption suites.

ssl ciphersuit { allciphersuit | custom { aes256-sha | non-aes256-sha } { aes128-sha | non-aes128-sha } }

undo ssl ciphersuit

Parameter	Description	Value
allciphersuit	Supports four types of common encryption suites.	-
custom	Indicates the customized encryption suite.	-
aes256-sha	Indicates the encryption suite of the AES256 encryption algorithm and SHA hash algorithm.	-
non-aes256-sha	Indicates that the encryption suite of the AES256 encryption algorithm and SHA hash algorithm is not used.	-
aes128-sha	Indicates the encryption suite of the AES128 encryption algorithm and SHA hash algorithm.	-
non-aes128-sha	Indicates that the encryption suite of the AES128 encryption algorithm and SHA hash algorithm is not used.	-

Virtual gateway basic view

2: Configuration level

By default, the virtual gateway supports two encryption suites: aes256-sha and aes128-sha.

An encryption suite is the combination of the encryption and hash algorithms.

Differences between encryption algorithms lie in:

The data block-based AES algorithm can be used independently or combined with the authentication algorithm.
The RSA, an asymmetric encryption algorithm, is usually used for key exchange or identity authentication.

The device supports two hash algorithms: SHA-1 and SHA-256. The client and device negotiates to determine a hash algorithm.

# Set the virtual gateway to support all types of common encryption suites.

<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] basic
[sysname-abc-basic] ssl ciphersuit allciphersuit