No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ciphersuite

ciphersuite

Function

The ciphersuite command configures cipher suites in a server SSL policy.

The undo ciphersuite command restores the default configuration.

By default, a server SSL policy supports the cipher suites: ecdhe_rsa_aes128_gcm_sha256, ecdhe_rsa_aes256_gcm_sha384, rsa_aes_128_sha256, and rsa_aes_256_sha256.

Format

ciphersuite { rsa_3des_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_128_sha256 | rsa_aes_256_sha256 | ecdhe_rsa_aes128_gcm_sha256 | ecdhe_rsa_aes256_gcm_sha384 } *

undo ciphersuite

Parameters

Parameter

Description

Value

rsa_3des_cbc_sha

Indicates the rsa_3des_cbc_sha cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 3DES_CBC algorithm to encrypt data, and the SHA algorithm to compute the MAC.

NOTE:

RSA: Rivest-Shamir-Adleman

DES: Data Encryption Standard

CBC: Cipher Block Chaining

SHA: Secure Hash Algorithm

-

rsa_aes_128_cbc_sha

Indicates the rsa_aes_128_cbc_sha cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 128-bit AES_CBC to encrypt data, and the SHA algorithm to compute the message authentication code (MAC).

NOTE:

AES: Advanced Encryption Standard

-

rsa_aes_128_sha256

Indicates the rsa_aes_128_sha256 cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 128-bit AES_CBC to encrypt data, and the SHA2-256 algorithm to compute the MAC.

-

rsa_aes_256_sha256

Indicates the rsa_aes_256_sha256 cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 256-bit AES_CBC to encrypt data, and the SHA2-256 algorithm to compute the MAC.

-

ecdhe_rsa_aes128_gcm_sha256

Indicates the ecdhe_rsa_aes128_gcm_sha256 cipher suite. This cipher suite uses the ECDHE RSA algorithm to compute the key, the 128-bit AES_GCM to encrypt data, and the SHA2-256 algorithm to compute the MAC.

NOTE:

GCM: Galois/Counter Mode

ECDHE: Elliptic Curve Diffie-Hellman with Ephemeral keys

-

ecdhe_rsa_aes256_gcm_sha384

Indicates the ecdhe_rsa_aes256_gcm_sha384 cipher suite. This cipher suite uses the ECDHE RSA algorithm to compute the key, the 256-bit AES_GCM to encrypt data, and the SHA2-384 algorithm to compute the MAC.

-

Views

Server SSL policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A cipher suite consists of a data encryption algorithm, a key exchange algorithm, and a MAC algorithm. During an SSL handshake, an SSL client sends a Client Hello message to notify an SSL server of the SSL protocol version and cipher suites that it supports. The SSL server determines the SSL protocol version and cipher suite used for this communication and sends a Server Hello message to notify the client.

The ciphersuite command configures the cipher suite that the AP can use when it functions as an SSL server.

Configuration Impact

To ensure high security, you are not advised to configure the cipher suite supported by the server SSL policy to rsa_3des_cbc_sha and rsa_aes_128_cbc_sha.

Using the ecdhe_rsa_aes128_gcm_sha256 or ecdhe_rsa_aes256_gcm_sha384 algorithm will affect the SSL server performance.

Example

# Configure a server SSL policy to use the rsa_aes_256_sha256 cipher suite.

<Huawei> system-view
[Huawei] ssl policy users type server
[Huawei-ssl-policy-users] ciphersuite rsa_aes_256_sha256
Related Topics
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 195617

Downloads: 118

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next