beautypg.com

Modifying a cipher list – Nortel Networks NN46120-104 User Manual

Page 180

background image

180

Supported Ciphers

Modifying a Cipher List

Starting from the

RC4:ALL:!DH

cipher list, an example of a slightly

modified cipher list can be:

RC4:ALL:!EXPORT:!DH

This example will remove all EXPORT ciphers, besides the DH related
cipher suites. Removing the EXPORT ciphers means that all ciphers using
either 40 or 56 bits symmetric ciphers are removed from the list. This
means that browsers running export controlled crypto software cannot
access the server.

Using the OpenSSL command line tool (on a UNIX machine), it is possible
to check which cipher suites a particular cipher list corresponds to. The
preceding example yields the following output:

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.