ciphers
This command specifies the cipher suites that the SSL server profile uses to establish a secure connection.
Syntax
ciphers cipher_string
Parameters
- cipher_string
-
Specifies the cipher suites. The following cipher suites are supported.
- RSA_WITH_NULL_MD5
- RSA_WITH_NULL_SHA
- RSA_EXPORT_WITH_RC4_40_MD5
- RSA_WITH_RC4_128_MD5
- RSA_WITH_RC4_128_SHA
- RSA_EXPORT_WITH_RC2_CBC_40_MD5
- RSA_EXPORT_WITH_DES40_CBC_SHA
- RSA_WITH_DES_CBC_SHA
- RSA_WITH_3DES_EDE_CBC_SHA (default)
- DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
- DHE_DSS_WITH_DES_CBC_SHA
- DHE_DSS_WITH_3DES_EDE_CBC_SHA (default)
- DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (default)
- DHE_RSA_WITH_DES_CBC_SHA
- DHE_RSA_WITH_3DES_EDE_CBC_SHA (default)
- RSA_WITH_AES_128_CBC_SHA
- DHE_DSS_WITH_AES_128_CBC_SHA
- DHE_RSA_WITH_AES_128_CBC_SHA (default)
- RSA_WITH_AES_256_CBC_SHA (default)
- DHE_DSS_WITH_AES_256_CBC_SHA
- DHE_RSA_WITH_AES_256_CBC_SHA (default)
- RSA_WITH_NULL_SHA256
- RSA_WITH_AES_128_CBC_SHA256
- RSA_WITH_AES_256_CBC_SHA256
- DHE_DSS_WITH_AES_128_CBC_SHA256
- DHE_RSA_WITH_AES_128_CBC_SHA256 (default)
- DHE_DSS_WITH_AES_256_CBC_SHA256
- DHE_RSA_WITH_AES_256_CBC_SHA256
- RSA_WITH_AES_128_GCM_SHA256
- RSA_WITH_AES_256_GCM_SHA384
- DHE_RSA_WITH_AES_128_GCM_SHA256 (default)
- DHE_RSA_WITH_AES_256_GCM_SHA384 (default)
- DHE_DSS_WITH_AES_128_GCM_SHA256
- DHE_DSS_WITH_AES_256_GCM_SHA384
- ECDHE_RSA_WITH_NULL_SHA
- ECDHE_RSA_WITH_RC4_128_SHA
- ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (default)
- ECDHE_RSA_WITH_AES_128_CBC_SHA
- ECDHE_RSA_WITH_AES_256_CBC_SHA
- ECDHE_RSA_WITH_AES_128_CBC_SHA256 (default)
- ECDHE_RSA_WITH_AES_256_CBC_SHA384 (default)
- ECDHE_RSA_WITH_AES_128_GCM_SHA256 (default)
- ECDHE_RSA_WITH_AES_256_GCM_SHA384 (default)
- ECDHE_ECDSA_WITH_NULL_SHA
- ECDHE_ECDSA_WITH_RC4_128_SHA
- ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (default)
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA (default)
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA (default)
- ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (default)
- ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (default)
- ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (default)
- ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (default)
Guidelines
The ciphers command specifies the cipher suites that the SSL server profile uses to establish a secure connection.
The cipher suites correspond to the RFC names without the TLS_ or SSL_ prefix. For example, RSA_WITH_3DES_EDE_CBC_SHA correspond to TLS_RSA_WITH_3DES_EDE_CBC_SHA or SSL_RSA_WITH_3DES_EDE_CBC_SHA in the relevant RFC.
The SSL server profile must include at least one cipher suite that matches the associated key material.
- An RSA signing key requires ECDHE_RSA cipher suites.
- An ECDSA signing key requires ECDHE_ECDSA cipher suites.
The SSL server profile must include at least one cipher suite that matches the identification
credentials as specified by the idred command.
- When the identification credentials contains RSA keys, you must specify at least one RSA cipher suite.
- When the identification credentials contains ECDSA keys, you must specify at least one ECDSA cipher suite.
To specify multiple cipher suites, run this command for each cipher suite.