Specifying a cipher suite, Configuring multiple cipher suites – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Security Guide
53-1003250-01
Basic SSL profile configuration
Syntax: keypair-file keypair-file-name
The keypair-file-name variable is an ASCII string that names a keypair file that was generated
using the genrsa command.
Specifying a cipher suite
By specifying cipher suites under an SSL profile, you can control the security strength of the SSL
handshakes. The Brocade Virtual ADX can accept a new SSL handshake from the client only if the
list of cipher suites presented by the client includes a cipher suite configured under the SSL profile.
To specify all cipher suites or a specific cipher suite name, use the following command syntax.
Syntax: cipher-suite
Available options for
• all-cipher suites
• rsa-export-with-des40-cbc-sha
• rsa-export-with-rc4-40-md5-cbc-sha
• rsa-with-3des-ede-cbc-md5
• rsa-with-3des-ede-cbc-sha
• rsa-with-aes-128-sha
• rsa-with-aes-256-sha
• rsa-with-des-cbc-md5
• rsa-with-des-cbc-sha
• rsa-with-rc2-cbc-md5
• rsa-with-rc4-128-md5
• rsa-with-rc4-128-sha
In the following example, the "rsa-with-aes-128-sha" cipher suite is configured under the "sp1"
SSL profile.
Virtual ADX(config)#ssl profile sp1
Virtual ADX(config-ssl-profile-sp1)#cipher-suite rsa-with-aes-128-sha
NOTE
The export cipher suites work only if the asymmetric key pair strength is less than or equal to 512
bits. This is consistent with the export rules. If the RSA key pair strength is greater than 512 bits,
then SSL handshake requests that contain export cipher suites do not work.
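The acceptance rule and the export-key NOTE above, modelled as a small audit of SSL profile configuration. This is an added example, not code from the Brocade guide: the weakness labels, the function names, the "legacy" profile and the assumption that each suite sits on its own cipher-suite line are this example's own.

```python
import re
# Suite names as listed on this page.
PAGE_SUITES = [
    "rsa-export-with-des40-cbc-sha", "rsa-export-with-rc4-40-md5-cbc-sha",
    "rsa-with-3des-ede-cbc-md5", "rsa-with-3des-ede-cbc-sha", "rsa-with-aes-128-sha",
    "rsa-with-aes-256-sha", "rsa-with-des-cbc-md5", "rsa-with-des-cbc-sha",
    "rsa-with-rc2-cbc-md5", "rsa-with-rc4-128-md5", "rsa-with-rc4-128-sha",
]
# Weakness labels are this example's classification, not taken from the guide.
WEAK_TOKENS = {
    "export": "export-grade 40-bit cipher", "des40": "40-bit DES",
    "des": "single DES (56-bit key)", "3des": "3DES (64-bit block)",
    "rc2": "RC2", "rc4": "RC4", "md5": "MD5-based MAC",
}

def parse_profiles(config_text):
    """Map each SSL profile name to the cipher suites configured under it."""
    profiles, current = {}, None
    for line in config_text.splitlines():
        command = line.split("#", 1)[-1].strip()  # drop the CLI prompt
        if m := re.fullmatch(r"ssl profile (\S+)", command):
            current = profiles.setdefault(m.group(1), [])
        elif (m := re.fullmatch(r"cipher-suite (.+)", command)) and current is not None:
            name = m.group(1)  # the "all" option expands to every suite above
            current.extend(PAGE_SUITES if name.startswith("all-cipher") else [name])
    return profiles

def weaknesses(suite):
    """Return the reasons a suite name is flagged as weak (empty list if none)."""
    return [why for tok, why in WEAK_TOKENS.items() if tok in suite.split("-")]

def usable_suites(profile_suites, client_suites, rsa_key_bits):
    """Suites a handshake could use under the two rules the page states."""
    offered = [s for s in profile_suites if s in client_suites]
    # Export suites only work when the RSA key pair is 512 bits or smaller.
    return [s for s in offered if "export" not in s.split("-") or rsa_key_bits <= 512]

# Constructed sample input, in the prompt format of the page's example.
SAMPLE = """\
Virtual ADX(config)#ssl profile sp1
Virtual ADX(config-ssl-profile-sp1)#cipher-suite rsa-with-aes-128-sha
Virtual ADX(config)#ssl profile legacy
Virtual ADX(config-ssl-profile-legacy)#cipher-suite rsa-export-with-des40-cbc-sha
Virtual ADX(config-ssl-profile-legacy)#cipher-suite rsa-with-rc4-128-md5
"""
if __name__ == "__main__":
    for profile, suites in parse_profiles(SAMPLE).items():
        print(profile, {s: weaknesses(s) for s in suites})
```

An empty list from usable_suites means the handshake has no suite to proceed with, either because the client offered nothing the profile lists or because only export suites matched and the key pair is larger than 512 bits.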
Configuring Multiple Cipher Suites
One of the cipher suite options specifies all cipher suites. You can also specify more
than one cipher inside an SSL profile without specifying all options. This is shown in the following
example.