Cipher list formats – Nortel Networks NN46120-104 User Manual


Cipher List Formats

The cipher list you specify for a virtual SSL server consists of one or more
cipher strings separated by colons (e.g. RC4:+RSA:+ALL:!NULL:!DH:!EXPORT@STRENGTH).
Lists of ciphers can be combined using a logical
and operation (+) (e.g. SHA1+DES represents all cipher suites containing
the SHA1 and the DES algorithms).

In the colon-separated list, any cipher string can be preceded by the
characters !, - or +. These characters serve as modifiers, with the following
meanings:

! permanently deletes the ciphers from the list (e.g. !RSA).

- deletes the ciphers from the list, but the ciphers can be added again
by later options.

+ moves the ciphers to the end of the list. This option doesn’t add any
new ciphers; it just moves matching existing ones.

@STRENGTH is placed at the end of the cipher list, and sorts the list in
order of encryption algorithm key length.

The default cipher list used for all virtual SSL servers on the VPN Gateway
is ALL@STRENGTH.

A cipher list consisting of the string RC4:ALL:!DH translates into a
preferred list of ciphers that begins with all ciphers using RC4 as the
encryption algorithm, followed by all cipher suites except the eNULL
ciphers (ALL). The final !DH string means that all cipher suites containing
the DH (Diffie-Hellman) cipher are removed from the list. (Few of the major
web browsers support these ciphers.)
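
The modifier rules above can be checked with a small evaluator. This is an added example, not code from the manual or from the VPN Gateway: the suite table, tag names, and the functions matches and expand are constructed for illustration, and @STRENGTH is assumed to sort longest key first.

```python
# Constructed sample suite table (not the VPN Gateway's real list):
# name -> (algorithm tags, encryption key length in bits)
SUITES = {
    "RC4-SHA":            ({"RSA", "RC4", "SHA1"}, 128),
    "RC4-MD5":            ({"RSA", "RC4", "MD5"}, 128),
    "AES256-SHA":         ({"RSA", "AES", "SHA1"}, 256),
    "DES-CBC3-SHA":       ({"RSA", "3DES", "SHA1"}, 168),
    "DES-CBC-SHA":        ({"RSA", "DES", "SHA1"}, 56),
    "DHE-RSA-AES256-SHA": ({"DH", "RSA", "AES", "SHA1"}, 256),
    "EXP-RC4-MD5":        ({"RSA", "RC4", "MD5", "EXPORT"}, 40),
    "NULL-SHA":           ({"RSA", "NULL", "SHA1"}, 0),
}

def matches(name, term):
    tags, _bits = SUITES[name]
    if term == "ALL":                 # ALL = everything except eNULL
        return "NULL" not in tags
    return term in tags

def expand(cipher_list):
    """Return the ordered suite names a cipher list selects."""
    order, banned = [], set()
    # @STRENGTH is written directly after the last string (ALL@STRENGTH)
    for item in cipher_list.replace("@", ":@").split(":"):
        if not item:
            continue
        if item == "@STRENGTH":       # assumed: longest key first, ties keep order
            order.sort(key=lambda n: -SUITES[n][1])
            continue
        mod = item[0] if item[0] in "!-+" else ""
        terms = item[len(mod):].split("+")   # inner + is a logical and
        hit = [n for n in SUITES if all(matches(n, t) for t in terms)]
        if mod == "!":                # delete permanently
            banned.update(hit)
        if mod in ("!", "-"):         # delete from the current list
            order = [n for n in order if n not in hit]
        elif mod == "+":              # move existing matches to the end
            order = [n for n in order if n not in hit] + \
                    [n for n in order if n in hit]
        else:                         # plain string: append new matches
            order += [n for n in hit if n not in banned and n not in order]
    return order

if __name__ == "__main__":
    for s in ("RC4:ALL:!DH", "ALL@STRENGTH",
              "RC4:+RSA:+ALL:!NULL:!DH:!EXPORT@STRENGTH"):
        print(s, "->", expand(s))
```

On this constructed table, RC4:ALL:!DH still selects EXP-RC4-MD5 and DES-CBC-SHA, because ALL excludes only the eNULL suites. The longer string from the first paragraph yields only RC4-SHA and RC4-MD5, since +RSA and +ALL reorder existing entries without adding any.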

Nortel VPN Gateway User Guide
NN46120-104 02.01 Standard 14 April 2008
Copyright © 2007-2008 Nortel Networks
