Cipher list formats – Nortel Networks NN46120-104 User Manual
Cipher List Formats
The cipher list you specify for a virtual SSL server consists of one or more
cipher strings separated by colons (e.g.
RC4:+RSA:+ALL:!NULL:!DH:!EXPORT@STRENGTH). Lists of ciphers can be combined
using a logical AND operation (+) (e.g. SHA1+DES represents all cipher suites
containing the SHA1 and the DES algorithms).
In the colon-separated list, any cipher string can be preceded by the
characters !, - or +. These characters serve as modifiers, with the following
meanings:
• ! permanently deletes the ciphers from the list (e.g. !RSA).
• - deletes the ciphers from the list, but the ciphers can be added again
by later options.
• + moves the ciphers to the end of the list. This option does not add any
new ciphers; it just moves matching existing ones.
• @STRENGTH is placed at the end of the cipher list, and sorts the list in
order of encryption algorithm key length.
The default cipher list used for all virtual SSL servers on the VPN Gateway
is ALL@STRENGTH.
A cipher list consisting of the string RC4:ALL:!DH translates into a
preferred list of ciphers that begins with all ciphers using RC4 as the
encryption algorithm, followed by all cipher suites except the eNULL
ciphers (ALL). The final !DH string means that all cipher suites containing
the DH (Diffie-Hellman) cipher are removed from the list. (Few of the major
web browsers support these ciphers.)
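The rules above, modelled as a small resolver (an added example, not code from the manual or the VPN Gateway). The suite table is constructed for illustration, and the code assumes @STRENGTH sorts longest key first and may be attached to the preceding string without a colon, as in ALL@STRENGTH.

```python
# Constructed sample table (not the gateway's real suite inventory):
# (suite name, algorithm tags, encryption key length in bits)
SUITES = [
    ("RC4-SHA",            {"RSA", "RC4", "SHA1"},         128),
    ("RC4-MD5",            {"RSA", "RC4", "MD5"},          128),
    ("AES256-SHA",         {"RSA", "AES", "SHA1"},         256),
    ("DHE-RSA-AES256-SHA", {"DH", "RSA", "AES", "SHA1"},   256),
    ("DES-CBC-SHA",        {"RSA", "DES", "SHA1"},          56),
    ("EXP-RC4-MD5",        {"RSA", "RC4", "MD5", "EXPORT"}, 40),
    ("NULL-SHA",           {"RSA", "NULL", "SHA1"},          0),
]
BITS = {name: bits for name, _, bits in SUITES}

def matching(expr):
    """Suites containing every '+'-joined algorithm, e.g. 'SHA1+DES'."""
    wanted = set(expr.split("+"))
    if wanted == {"ALL"}:  # ALL = everything except the eNULL suites
        return [n for n, tags, _ in SUITES if "NULL" not in tags]
    return [n for n, tags, _ in SUITES if wanted <= tags]

def expand(cipher_list):
    """Resolve a colon-separated cipher list into an ordered suite list."""
    chosen, killed = [], set()
    # Assumption: '@STRENGTH' may follow a string without a colon,
    # as written in the page's 'ALL@STRENGTH'.
    for item in cipher_list.replace("@", ":@").split(":"):
        if not item:
            continue
        if item == "@STRENGTH":  # longest key first; ties keep their order
            chosen.sort(key=lambda n: -BITS[n])
            continue
        op = item[0] if item[0] in "!-+" else ""
        hits = matching(item[len(op):])
        if op == "+":  # move matches to the end, add nothing new
            moved = [n for n in chosen if n in hits]
            chosen = [n for n in chosen if n not in hits] + moved
        elif op in ("!", "-"):  # delete matches from the list
            chosen = [n for n in chosen if n not in hits]
            if op == "!":
                killed.update(hits)  # '!' also blocks later re-adding
        else:  # plain string: append matches not already present
            chosen += [n for n in hits if n not in chosen and n not in killed]
    return chosen

if __name__ == "__main__":
    for spec in ("RC4:ALL:!DH", "ALL@STRENGTH", "ALL:-RC4:RC4", "ALL:!RC4:RC4"):
        print(spec, "->", expand(spec))
```

With this constructed table, RC4:ALL:!DH still resolves to a list containing the 40-bit EXP-RC4-MD5 and 56-bit DES-CBC-SHA suites, which is the kind of result worth checking before a list is deployed.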
Nortel VPN Gateway User Guide
NN46120-104 02.01 Standard 14 April 2008
Copyright © 2007-2008 Nortel Networks.