Specifications
3-751
Cisco Wide Area Application Services Command Reference
OL-21611-01
Chapter 3 CLI Commands
(config-cipher-list) cipher
Note Note Exportable cipher suites are those cipher suites that are considered not to be as strong as some of
the other cipher suites (for example, 3DES or RC4 with 128-bit encryption) as defined by U.S. export
restrictions on software products. Exportable cipher suites may be exported to most countries from the
United States, and provide the strongest encryption available for exportable products.
Each cipher suite specifies a set of key exchange algorithms. For example, Figure 3-1 summarizes the
algorithms associated with the rsa-export-with-rc4-40-md5 cipher suite.
Figure 3-1 Cipher Suite Algorithms
Table 3-1 lists the supported cipher suites and indicates whether those cipher suites are exportable, the
authentication certificate, and the encryption key required by the cipher suite.
Table 3-1 SSL Cipher Suites
Note The client-specified order for ciphers overrides the cipher list priority assigned here if the cipher list is
applied to an accelerated service. The priorities assigned in this cipher list are only applicable if the
cipher list is applied to SSL peering and management services.
Examples The following example shows how to enter cipher list configuration mode for the cipher list named
myciphers, and then add the cipher suite rsa-with-3des-ede-cbc-sha with a priority of 1:
WAE(config)# crypto ssl cipher-list myciphers
78265
rsa-export-with-rc4-40-md5
Rivest, Shamir and Adelman
(RSA) Key Exchange Algorithm
Message Authentication
Algorithm
Indicates the
cipher suite is
Exportable
Data Encryption
Algorithm
Cipher Suite Exportable
Authentication
Certificate Used
Key Exchange
Algorithm Used
rsa-with-rc4-128-md5 No RSA certificate RSA key exchange
rsa-with-rc4-128-sha No RSA certificate RSA key exchange
rsa-with-des-cbc-sha No RSA certificate RSA key exchange
rsa-with-3des-ede-cbc-sha No RSA certificate RSA key exchange
dhe-rsa-with-des-cbc-sha No RSA certificate Ephemeral
Diffie-Hellman key
exchange
dhe-rsa-with-3des-ede-cbc-sha No RSA certificate Ephemeral
Diffie-Hellman key
exchange