|
|
Description:
|
sslCipherList OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This object is to configure the cipher-suites list.
This field is a bit mask, setting a bit indicates that the
corresponding cipher-list will be involved in the server
authentication.
BIT 0 - RSA-NULL-MD5
BIT 1 - RSA-NULL-SHA
BIT 2 - RSA-DES-SHA
BIT 3 - RSA-3DES-SHA
BIT 4 - DH-RSA-DES-SHA
BIT 5 - DH-RSA-3DES-SHA
BIT 6 - RSA-EXP1024-DES-SHA
BIT 7 - RSA-WITH-AES-128-CBC-SHA
BIT 8 - RSA-WITH-AES-256-CBC-SHA
BIT 9 - DHE-RSA-WITH-AES-128-CBC-SHA
BIT 10 - DHE-RSA-WITH-AES-256-CBC-SHA
Note:BIT 0 - Least significant bit
BIT 10 - Most significant bit
For example,setting the cipher list to the value - 001 0101,
will include RSA-NULL-MD5, RSA-DES-SHAa and DH-RSA-DES-SHA as
cipher-list for authentication.
In the FIPS (American Security Standard Mode) Mode,
Only the following cipher list should be supported.
TLS_RSA_3DES_SHA1
TLS_ DHE_RSA_3DES_SHA1
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
hence the default value in FIPS mode will be
TLS_RSA_3DES_SHA1 | TLS_ DHE_RSA_3DES_SHA1 | TLS_RSA_WITH_AES_128_CBC_SHA |
TLS_RSA_WITH_AES_256_CBC_SHA | TLS_DHE_RSA_WITH_AES_128_CBC_SHA |
TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
DEFVAL {76}
|
|
