< Home

set cipher-suite

Function

The set cipher-suite command configures cipher suites for a customized SSL cipher suite policy.

The undo set cipher-suite command deletes cipher suites in a customized SSL cipher suite policy.

By default, no cipher suite is configured for a customized SSL cipher suite policy.

Format

set cipher-suite { tls12_ck_dss_aes_128_gcm_sha256 | tls12_ck_dss_aes_256_gcm_sha384 | tls12_ck_rsa_aes_128_gcm_sha256 | tls12_ck_rsa_aes_256_gcm_sha384 }

undo set cipher-suite { tls12_ck_dss_aes_128_gcm_sha256 | tls12_ck_dss_aes_256_gcm_sha384 | tls12_ck_rsa_aes_128_gcm_sha256 | tls12_ck_rsa_aes_256_gcm_sha384 }

Parameters

Parameter

Description

Value

tls12_ck_dss_aes_128_gcm_sha256

Configures the TLS12_CK_DSS_AES_128_GCM_SHA256 cipher suite.

-

tls12_ck_dss_aes_256_gcm_sha384

Configures the TLS12_CK_DSS_AES_256_GCM_SHA384 cipher suite.

-

tls12_ck_rsa_aes_128_gcm_sha256

Configures the TLS12_CK_RSA_AES_128_GCM_SHA256 cipher suite.

-

tls12_ck_rsa_aes_256_gcm_sha384

Configures the TLS12_CK_RSA_AES_256_GCM_SHA384 cipher suite.

-

Views

Customized SSL cipher suite policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To configure cipher suites for a customized SSL cipher suite policy, run the set cipher-suite command.

Precautions

  • If a customized SSL cipher suite policy is being referenced by an SSL policy, the cipher suites in the customized cipher suite policy can be added, modified, or partially deleted. Deleting all of the cipher suites is not allowed.
  • The system software does not support the tls12_ck_rsa_aes_256_cbc_sha256, tls1_ck_dhe_dss_with_aes_128_sha, tls1_ck_dhe_dss_with_aes_256_sha, tls1_ck_dhe_rsa_with_aes_128_sha, tls1_ck_dhe_rsa_with_aes_256_sha, tls1_ck_rsa_with_aes_128_sha, and tls1_ck_rsa_with_aes_256_sha parameters. To use the tls12_ck_rsa_aes_256_cbc_sha256, tls1_ck_dhe_dss_with_aes_128_sha, tls1_ck_dhe_dss_with_aes_256_sha, tls1_ck_dhe_rsa_with_aes_128_sha, tls1_ck_dhe_rsa_with_aes_256_sha, tls1_ck_rsa_with_aes_128_sha, or tls1_ck_rsa_with_aes_256_sha parameter, you need to install the WEAKEA plug-in. For higher security purposes, you are advised to use other parameters.

Example

# Configure the tls12_ck_dss_aes_128_gcm_sha256 cipher suite for the customized SSL cipher suite policy named cipher1.

<HUAWEI> system-view
[HUAWEI] ssl cipher-suite-list cipher1
[HUAWEI-ssl-cipher-suite-cipher1] set cipher-suite tls12_ck_dss_aes_128_gcm_sha256
Parent Topic: File Management Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >