< Home

set cipher-suite

Function

The set cipher-suite command configures cipher suites for a customized SSL cipher suite policy.

The undo set cipher-suite command deletes cipher suites in a customized SSL cipher suite policy.

By default, no cipher suite is configured for a customized SSL cipher suite policy.

Format

set cipher-suite { tls1_ck_rsa_with_aes_256_sha | tls1_ck_rsa_with_aes_128_sha | tls1_ck_dhe_rsa_with_aes_256_sha | tls1_ck_dhe_dss_with_aes_256_sha | tls1_ck_dhe_rsa_with_aes_128_sha | tls1_ck_dhe_dss_with_aes_128_sha | tls12_ck_rsa_aes_256_cbc_sha256 | tls12_ck_rsa_aes_128_gcm_sha256 | tls12_ck_rsa_aes_256_gcm_sha384 | tls12_ck_dss_aes_128_gcm_sha256 | tls12_ck_dss_aes_256_gcm_sha384 }

undo set cipher-suite { tls1_ck_rsa_with_aes_256_sha | tls1_ck_rsa_with_aes_128_sha | tls1_ck_dhe_rsa_with_aes_256_sha | tls1_ck_dhe_dss_with_aes_256_sha | tls1_ck_dhe_rsa_with_aes_128_sha | tls1_ck_dhe_dss_with_aes_128_sha | tls12_ck_rsa_aes_256_cbc_sha256 | tls12_ck_rsa_aes_128_gcm_sha256 | tls12_ck_rsa_aes_256_gcm_sha384 | tls12_ck_dss_aes_128_gcm_sha256 | tls12_ck_dss_aes_256_gcm_sha384 }

Parameters

Parameter Description Value

tls1_ck_rsa_with_aes_256_sha

Configures the TLS1_CK_RSA_WITH_AES_256_SHA cipher suite.

-

tls1_ck_rsa_with_aes_128_sha

Configures the TLS1_CK_RSA_WITH_AES_128_SHA cipher suite.

-

tls1_ck_dhe_rsa_with_aes_256_sha

Configures the TLS1_CK_DHE_RSA_WITH_AES_256_SHA cipher suite.

-

tls1_ck_dhe_dss_with_aes_256_sha

Configures the TLS1_CK_DHE_DSS_WITH_AES_256_SHA cipher suite.

-

tls1_ck_dhe_rsa_with_aes_128_sha

Configures the TLS1_CK_DHE_RSA_WITH_AES_128_SHA cipher suite.

-

tls1_ck_dhe_dss_with_aes_128_sha

Configures the TLS1_CK_DHE_DSS_WITH_AES_128_SHA cipher suite.

-

tls12_ck_rsa_aes_256_cbc_sha256

Configures the TLS12_CK_RSA_AES_256_CBC_SHA256 cipher suite.

-

tls12_ck_rsa_aes_128_gcm_sha256

Configures the TLS12_CK_RSA_AES_128_GCM_SHA256 cipher suite.

-

tls12_ck_rsa_aes_256_gcm_sha384

Configures the TLS12_CK_RSA_AES_256_GCM_SHA384 cipher suite.

-

tls12_ck_dss_aes_128_gcm_sha256

Configures the TLS12_CK_DSS_AES_128_GCM_SHA256 cipher suite.

-

tls12_ck_dss_aes_256_gcm_sha384

Configures the TLS12_CK_DSS_AES_256_GCM_SHA384 cipher suite.

-

Views

Customized SSL cipher suite policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To configure cipher suites for a customized SSL cipher suite policy, run the set cipher-suite command.

Precautions

If a customized SSL cipher suite policy is being referenced by an SSL policy, the cipher suites in the customized cipher suite policy can be added, modified, or partially deleted. Deleting all of the cipher suites is not allowed.

If the configured SSL cipher suite contains insecure algorithms, the device will prompt you with risks.

Example

# Configure the tls12_ck_dss_aes_256_gcm_sha384 cipher suite for the customized SSL cipher suite policy named cipher1.

<sysname> system-view
[sysname] ssl cipher-suite-list cipher1
[sysname-ssl-cipher-suite-cipher1] set cipher-suite tls12_ck_dss_aes_256_gcm_sha384
Parent Topic: Telnet and SSH Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >