Specifying a cipher suite, Configuring multiple cipher suites – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual


Brocade Virtual ADX Security Guide

53-1003250-01

Basic SSL profile configuration


Syntax: keypair-file keypair-file-name

The keypair-file-name variable is an ASCII string that names a keypair file generated using the
genrsa command.

Specifying a cipher suite

By specifying cipher suites under an SSL profile, you can control the security strength of the SSL
handshakes. The Brocade Virtual ADX can accept a new SSL handshake from the client only if the
list of cipher suites presented by the client includes a cipher suite configured under the SSL profile.

To specify all cipher suites or a specific cipher suite by name, use the following command syntax.

Syntax: cipher-suite <cipher-suite name>

Available options for <cipher-suite name> are:

all-cipher suites

rsa-export-with-des40-cbc-sha

rsa-export-with-rc4-40-md5-cbc-sha

rsa-with-3des-ede-cbc-md5

rsa-with-3des-ede-cbc-sha

rsa-with-aes-128-sha

rsa-with-aes-256-sha

rsa-with-des-cbc-md5

rsa-with-des-cbc-sha

rsa-with-rc2-cbc-md5

rsa-with-rc4-128-md5

rsa-with-rc4-128-sha

In the following example, the "rsa-with-aes-128-sha" cipher suite is configured under the "sp1"
SSL profile.

Virtual ADX(config)#ssl profile sp1

Virtual ADX(config-ssl-profile-sp1)#cipher-suite rsa-with-aes-128-sha

NOTE

The export cipher suites work only if the asymmetric key pair strength is less than or equal to 512
bits. This is consistent with the export rules. If the RSA key pair strength is greater than 512 bits,
then SSL handshake requests that contain export cipher suites do not work.
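
The following Python audit is an added example, not part of the Brocade manual: it reads SSL profile configuration in the syntax shown above and reports the cipher-suite options that weaken a profile. It assumes that multiple suites appear as repeated cipher-suite lines and that RSA key sizes are supplied separately (key_bits); the weakness classification, the sample input, and the profile "sp2" are constructed for illustration.

```python
import re

# Strength judgments are this example's assumption, not Brocade's classification.
WEAK_TOKENS = {
    "export": "export-grade suite (40-bit symmetric key)",
    "des": "single DES (56-bit key)",
    "des40": "40-bit DES",
    "3des": "3DES (64-bit block cipher)",
    "rc2": "RC2",
    "rc4": "RC4 stream cipher",
    "md5": "MD5-based MAC",
}

def weaknesses(suite, rsa_bits=None):
    """Return the reasons a cipher-suite option is considered weak."""
    if suite.startswith("all-cipher"):
        return ["enables every suite, including export, DES, RC2 and RC4"]
    tokens = suite.split("-")
    reasons = [why for tok, why in WEAK_TOKENS.items() if tok in tokens]
    # Per the NOTE above: export suites work only with key pairs <= 512 bits.
    if "export" in tokens and rsa_bits is not None and rsa_bits > 512:
        reasons.append("does not negotiate with this key (> 512 bits)")
    return reasons

def audit(config_text, key_bits=None):
    """Map each SSL profile to its weak suites: {profile: {suite: reasons}}."""
    findings, profile = {}, None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a CLI prompt if present
        if m := re.fullmatch(r"ssl profile (\S+)", line):
            profile = m.group(1)
        elif (m := re.fullmatch(r"cipher-suite (.+)", line)) and profile:
            suite = m.group(1)
            reasons = weaknesses(suite, (key_bits or {}).get(profile))
            if reasons:
                findings.setdefault(profile, {})[suite] = reasons
    return findings

# Constructed sample input, not from the manual; profile "sp2" is hypothetical.
SAMPLE = """\
Virtual ADX(config)#ssl profile sp1
Virtual ADX(config-ssl-profile-sp1)#cipher-suite rsa-with-aes-128-sha
Virtual ADX(config)#ssl profile sp2
Virtual ADX(config-ssl-profile-sp2)#cipher-suite rsa-export-with-des40-cbc-sha
Virtual ADX(config-ssl-profile-sp2)#cipher-suite rsa-with-rc4-128-md5
"""

if __name__ == "__main__":
    print(audit(SAMPLE, key_bits={"sp2": 2048}))
```

Profiles that list only the AES suites produce no findings, so an empty result means every configured profile is restricted to rsa-with-aes-128-sha or rsa-with-aes-256-sha.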

Configuring multiple cipher suites

Among the cipher suite options is one that specifies all cipher suites. You can also specify more
than one cipher suite inside an SSL profile without specifying all options. This is shown in the
following example.
