ciphers

This command specifies the cipher suites that the SSL client profile uses to establish a secure connection.

Syntax

ciphers cipher_string

Parameters

cipher_string
Specifies the cipher suites. The following cipher suites are supported.
  • RSA_WITH_NULL_MD5
  • RSA_WITH_NULL_SHA
  • RSA_EXPORT_WITH_RC4_40_MD5
  • RSA_WITH_RC4_128_MD5
  • RSA_WITH_RC4_128_SHA
  • RSA_EXPORT_WITH_RC2_CBC_40_MD5
  • RSA_EXPORT_WITH_DES40_CBC_SHA
  • RSA_WITH_DES_CBC_SHA
  • RSA_WITH_3DES_EDE_CBC_SHA (default)
  • DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  • DHE_DSS_WITH_DES_CBC_SHA
  • DHE_DSS_WITH_3DES_EDE_CBC_SHA (default)
  • DHE_RSA_EXPORT_WITH_DES40_CBC_SHA (default)
  • DHE_RSA_WITH_DES_CBC_SHA
  • DHE_RSA_WITH_3DES_EDE_CBC_SHA (default)
  • RSA_WITH_AES_128_CBC_SHA
  • DHE_DSS_WITH_AES_128_CBC_SHA
  • DHE_RSA_WITH_AES_128_CBC_SHA (default)
  • RSA_WITH_AES_256_CBC_SHA
  • DHE_DSS_WITH_AES_256_CBC_SHA
  • DHE_RSA_WITH_AES_256_CBC_SHA (default)
  • RSA_WITH_NULL_SHA256
  • RSA_WITH_AES_128_CBC_SHA256
  • RSA_WITH_AES_256_CBC_SHA256
  • DHE_DSS_WITH_AES_128_CBC_SHA256
  • DHE_RSA_WITH_AES_128_CBC_SHA256 (default)
  • DHE_DSS_WITH_AES_256_CBC_SHA256
  • DHE_RSA_WITH_AES_256_CBC_SHA256 (default)
  • RSA_WITH_AES_128_GCM_SHA256
  • RSA_WITH_AES_256_GCM_SHA384
  • DHE_RSA_WITH_AES_128_GCM_SHA256 (default)
  • DHE_RSA_WITH_AES_256_GCM_SHA384 (default)
  • DHE_DSS_WITH_AES_128_GCM_SHA256
  • DHE_DSS_WITH_AES_256_GCM_SHA384
  • ECDHE_RSA_WITH_NULL_SHA
  • ECDHE_RSA_WITH_RC4_128_SHA
  • ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (default)
  • ECDHE_RSA_WITH_AES_128_CBC_SHA
  • ECDHE_RSA_WITH_AES_256_CBC_SHA
  • ECDHE_RSA_WITH_AES_128_CBC_SHA256 (default)
  • ECDHE_RSA_WITH_AES_256_CBC_SHA384 (default)
  • ECDHE_RSA_WITH_AES_128_GCM_SHA256 (default)
  • ECDHE_RSA_WITH_AES_256_GCM_SHA384 (default)
  • ECDHE_ECDSA_WITH_NULL_SHA
  • ECDHE_ECDSA_WITH_RC4_128_SHA
  • ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (default)
  • ECDHE_ECDSA_WITH_AES_128_CBC_SHA (default)
  • ECDHE_ECDSA_WITH_AES_256_CBC_SHA (default)
  • ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (default)
  • ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (default)
  • ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (default)
  • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (default)

Guidelines

The ciphers command specifies the cipher suites that the SSL client profile uses to establish a secure connection.

The cipher suites correspond to the RFC names without the TLS_ or SSL_ prefix. For example, RSA_WITH_3DES_EDE_CBC_SHA correspond to TLS_RSA_WITH_3DES_EDE_CBC_SHA or SSL_RSA_WITH_3DES_EDE_CBC_SHA in the relevant RFC.

The SSL client profile must include at least one cipher suite that matches the associated key material.
  • An RSA signing key requires ECDHE_RSA cipher suites.
  • An ECDSA signing key requires ECDHE_ECDSA cipher suites.

To specify multiple cipher suites, run this command for each cipher suite.