During authentication between the client and server, a cipher list is provided for SSL algorithm negotiation. This section describes how to configure a cipher list for an SSL cipher suite. Using a cipher list enhances system security.
Context
During authentication between the client and server, a cipher list is provided for SSL algorithm negotiation. For the system that requires high security, you can configure a cipher list for an SSL cipher suite to enhance system security.
Procedure
- Run system-view
The system view is displayed.
- Run ssl cipher-suite-list customization-policy-name
An SSL cipher suite is created, and its view is displayed.
- Run set cipher-suite { tls1_ck_rsa_with_aes_256_sha | tls1_ck_rsa_with_aes_128_sha | tls1_ck_dhe_rsa_with_aes_256_sha | tls1_ck_dhe_dss_with_aes_256_sha | tls1_ck_dhe_rsa_with_aes_128_sha | tls1_ck_dhe_dss_with_aes_128_sha | tls12_ck_rsa_aes_128_cbc_sha | tls12_ck_rsa_aes_256_cbc_sha | tls12_ck_rsa_aes_128_cbc_sha256 | tls12_ck_rsa_aes_256_cbc_sha256 | tls12_ck_dhe_dss_aes_128_cbc_sha | tls12_ck_dhe_rsa_aes_128_cbc_sha | tls12_ck_dhe_dss_aes_256_cbc_sha | tls12_ck_dhe_rsa_aes_256_cbc_sha | tls12_ck_dhe_dss_aes_128_cbc_sha256 | tls12_ck_dhe_rsa_aes_128_cbc_sha256 | tls12_ck_dhe_dss_aes_256_cbc_sha256 | tls12_ck_dhe_rsa_aes_256_cbc_sha256 | tls12_ck_rsa_with_aes_128_gcm_sha256 | tls12_ck_rsa_with_aes_256_gcm_sha384 | tls12_ck_dhe_rsa_with_aes_128_gcm_sha256 | tls12_ck_dhe_rsa_with_aes_256_gcm_sha384 | tls12_ck_dhe_dss_with_aes_128_gcm_sha256 | tls12_ck_dhe_dss_with_aes_256_gcm_sha384 | tls12_ck_ecdhe_rsa_with_aes_128_gcm_sha256 | tls12_ck_ecdhe_rsa_with_aes_256_gcm_sha384 | tls13_aes_128_gcm_sha256 | tls13_aes_256_gcm_sha384 | tls13_chacha20_poly1305_sha256 | tls13_aes_128_ccm_sha256 }
A cipher list is configured for the SSL cipher suite.
- Run commit
The configuration is committed.