No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
prefer-ciphersuite

prefer-ciphersuite

Function

The prefer-ciphersuite command configures cipher suites in a client SSL policy.

The undo prefer-ciphersuite command restores the default configuration.

By default, a client SSL policy uses the cipher suites: ecdhe_rsa_aes128_gcm_sha256, ecdhe_rsa_aes256_gcm_sha384, rsa_aes_128_sha256, and rsa_aes_256_sha256.

Format

prefer-ciphersuite { rsa_3des_cbc_sha | rsa_aes_128_cbc_sha | rsa_aes_128_sha256 | rsa_aes_256_sha256 | ecdhe_rsa_aes128_gcm_sha256 | ecdhe_rsa_aes256_gcm_sha384 } *

undo prefer-ciphersuite

Parameters

Parameter

Description

Value

rsa_3des_cbc_sha

Indicates the rsa_3des_cbc_sha cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 3DES_CBC algorithm to encrypt data, and the SHA algorithm to compute the MAC.

-

rsa_aes_128_cbc_sha

Indicates the rsa_aes_128_cbc_sha cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 128-bit AES_CBC to encrypt data, and the SHA algorithm to compute the message authentication code (MAC).

-

rsa_aes_128_sha256

Indicates the rsa_aes_128_sha256 cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 128-bit AES_CBC to encrypt data, and the SHA2-256 algorithm to compute the MAC.

-

rsa_aes_256_sha256

Indicates the rsa_aes_256_sha256 cipher suite. This cipher suite uses the RSA algorithm to compute the key, the 256-bit AES_CBC to encrypt data, and the SHA2-256 algorithm to compute the MAC.

-

ecdhe_rsa_aes128_gcm_sha256

Indicates the ecdhe_rsa_aes128_gcm_sha256 cipher suite. This cipher suite uses the ECDHE RSA algorithm to compute the key, the 128-bit AES_GCM to encrypt data, and the SHA2-256 algorithm to compute the MAC.

-

ecdhe_rsa_aes256_gcm_sha384

Indicates the ecdhe_rsa_aes256_gcm_sha384 cipher suite. This cipher suite uses the ECDHE RSA algorithm to compute the key, the 256-bit AES_GCM to encrypt data, and the SHA2-384 algorithm to compute the MAC.

-

Views

Client SSL policy view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A cipher suite consists of a data encryption algorithm, a key exchange algorithm, and a MAC algorithm. During an SSL handshake, an SSL client sends a Client Hello message to notify an SSL server of the SSL protocol version and cipher suites that it supports. The SSL server determines the SSL protocol version and cipher suite used for this communication and sends a Server Hello message to notify the client.

The prefer-ciphersuite command configures the cipher suite that the AP can use when it functions as an SSL client.

Configuration Impact

If you run the prefer-ciphersuite command multiple times in the same client SSL policy view, only the latest configuration takes effect.

Precautions

To ensure high security, you are not advised to configure the cipher suite used by the client SSL policy to rsa_3des_cbc_sha and rsa_aes_128_cbc_sha.

Ensure that the cipher suite specified in this command is supported by the SSL server. Before running this command, check the cipher suites that the SSL server supports.

Example

# Configure a client SSL policy to use the rsa_aes_256_sha256 cipher suite.

<Huawei> system-view
[Huawei] ssl policy users type client
[Huawei-ssl-policy-users] prefer-ciphersuite rsa_aes_256_sha256
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 204715

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next