SSL Cipher List Configuration Mode Commands
A cipher list is a customer-defined list of cipher suites that you assign to an SSL connection. To configure Secure Sockets Layer (SSL) encryption cipher lists on a WAAS device, use the crypto ssl cipher-list global configuration command. To delete a cipher list, use the no form of the command.
crypto ssl cipher-list cipher-list-name
no crypto ssl cipher-list cipher-list-name
Syntax Description
cipher-list-name: Name of the cipher list you want to create or edit. The cipher list name may contain up to 64 characters.
Defaults
Command Modes
Device Modes
Usage Guidelines
Use the crypto ssl cipher-list command to add and configure a cipher list. The crypto ssl cipher-list command initiates cipher list configuration mode, as indicated by the following prompt:
Within cipher list configuration mode, you can use the cipher command (a cipher list configuration mode command) to define the list of cipher suites. To return to global configuration mode, enter exit at the cipher list configuration mode prompt.
Examples
The following example shows how to create or edit a cipher list called myciphers. If the cipher list is already established on the WAAS device, the crypto ssl cipher-list command edits it. If the cipher list does not exist, the crypto ssl cipher-list command creates it:
Related Commands
(config-cipher-list) cipher
To add a cipher suite to a cipher list, or to change the priority of a cipher suite on the list, use the cipher command.
cipher cipher-suite-name [priority value]
Syntax Description
Defaults
Command Modes
Device Modes
Usage Guidelines
The SSL protocol supports a variety of different cryptographic algorithms, or ciphers, for use in operations such as authenticating the server and client to each other, transmitting certificates, and establishing session keys. Clients and servers may support different cipher suites, or sets of ciphers, depending on various factors such as the version of SSL they support, company policies regarding acceptable encryption strength, and government restrictions on export of SSL-enabled software. Among its other functions, the SSL handshake protocol determines how the server and client negotiate which cipher suites they will use to authenticate each other, to transmit certificates, and to establish session keys.
Note Exportable cipher suites are those cipher suites that are considered not to be as strong as some of the other cipher suites (for example, 3DES or RC4 with 128-bit encryption) as defined by U.S. export restrictions on software products. Exportable cipher suites may be exported to most countries from the United States, and provide the strongest encryption available for exportable products.
Each cipher suite specifies a set of key exchange algorithms. For example, Figure 3-1 summarizes the algorithms associated with the rsa-export-with-rc4-40-md5 cipher suite.
Figure 3-1 Cipher Suite Algorithms
Table 3-1 lists the supported cipher suites and indicates whether those cipher suites are exportable, the authentication certificate, and the encryption key required by the cipher suite.
Note The client-specified order for ciphers overrides the cipher list priority assigned here if the cipher list is applied to an accelerated service. The priorities assigned in this cipher list are only applicable if the cipher list is applied to SSL peering and management services.
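The note above means that a low list priority does not keep a weak suite from being chosen when the cipher list is applied to an accelerated service. The following Python model is an added example, not Cisco code: select and weaknesses are hypothetical helpers, the name grammar is inferred from the two suite names on this page, and it assumes that a lower priority value means a more preferred suite.

```python
# Added example: models the selection rule in the note above; not Cisco code.
# Assumption: a lower priority value means a more preferred suite.
import re

# Name grammar inferred from the two suite names that appear on this page.
NAME = re.compile(r"^(?P<kx>[a-z-]+?)(?P<export>-export)?-with-(?P<enc>.+)-(?P<mac>md5|sha)$")


def weaknesses(suite):
    """Return weak-crypto markers in a suite name (export, RC4 and MD5 only)."""
    m = NAME.match(suite)
    if not m:
        return ["unparsed name"]
    found = []
    if m["export"]:
        found.append("export-grade")
    if m["enc"].startswith("rc4"):
        found.append("RC4")
    if m["mac"] == "md5":
        found.append("MD5 MAC")
    return found


def select(cipher_list, client_order, service):
    """Pick the suite negotiated for one handshake.

    cipher_list maps suite name -> priority; client_order is the client's
    preference order; service is 'accelerated', 'peering' or 'management'.
    """
    common = [s for s in client_order if s in cipher_list]
    if not common:
        return None
    if service == "accelerated":
        return common[0]  # client-specified order overrides list priority
    return min(common, key=lambda s: cipher_list[s])  # list priority applies


# Constructed sample: both suite names are taken from this page.
MYCIPHERS = {"rsa-with-3des-ede-cbc-sha": 1, "rsa-export-with-rc4-40-md5": 2}
CLIENT = ["rsa-export-with-rc4-40-md5", "rsa-with-3des-ede-cbc-sha"]

if __name__ == "__main__":
    for service in ("accelerated", "peering", "management"):
        chosen = select(MYCIPHERS, CLIENT, service)
        print(f"{service:12} -> {chosen} {weaknesses(chosen)}")
```

For a list applied to an accelerated service, the practical check is therefore which suites are present in the list at all, not how they are ranked.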
Examples
The following example shows how to enter cipher list configuration mode for the cipher list named myciphers, and then add the cipher suite rsa-with-3des-ede-cbc-sha with a priority of 1: