-
-
-
-
-
-
-
-
ssl-cipher
-
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
ssl-cipher
The following operations can be performed on “ssl-cipher”:
unset ssl cipher
Use this command to remove ssl cipher settings.Refer to the set ssl cipher command for meanings of the arguments.
Synopsis
unset ssl cipher
show ssl cipher
Displays information about all the cipher groups defined on the appliance, or displays detailed information about the specified cipher group.
Synopsis
show ssl cipher [
Arguments
cipherGroupName Name of the cipher group for which to show detailed information.
sslProfile Name of the profile to which cipher is attached.
Output
description Cipher suite description.
cipherName Cipher name.
flag stateflag cipherPriority This indicates priority assigned to the particular cipher
peFlags devno count
Example
1) An example of the output of the show ssl cipher SSL3-RC4-MD5 command is as follows: Cipher Name: SSL3-RC4-MD5 Description: SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 2) This example displays the details of individual ciphers in the system predefinedcipher-alias: SSLv3 (the command show ssl cipher SSLv3 has been entered): 1) Cipher Name: SSL3-RC4-MD5 Priority:1 Description: SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5 2) Cipher Name: SSL3-RC4-SHA Priority:2 Description: SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1 3) Cipher Name: SSL3-DES-CBC3-SHA Priority:3 Description: SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1 4) Cipher Name: SSL3-DES-CBC-SHA Priority:4 Description: SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1 5) Cipher Name: TLS1-AES-256-CBC-SHA Priority:5 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 6) Cipher Name: TLS1-AES-128-CBC-SHA Priority:6 Description: SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 7) Cipher Name: SSL3-EXP-RC4-MD5 Priority:7 Description: SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 Export 8) Cipher Name: SSL3-EXP-DES-CBC-SHA Priority:8 Description: SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 Export 9) Cipher Name: SSL3-EXP-RC2-CBC-MD5 Priority:9 Description: SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 Export 10) Cipher Name: SSL3-EDH-DSS-DES-CBC3-SHA Priority:10 Description: SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
unbind ssl cipher
Removes all the ciphers from a user-defined cipher group. You can only remove individual ciphers from a user-defined cipher group. Removing groups is not supported.
Synopsis
unbind ssl cipher
Arguments
cipherGroupName Name of the user-defined cipher group.
cipherName Name(s) of the cipher(s) to be removed from the user-defined cipher group.
Example
1) rm ssl cipher mygroup SSL2-RC4-MD5 The above example removes the cipher SSL2-RC4-MD5 from the cipher group mygroup. 2) rm ssl cipher mygroup The above example will remove the cipher group ‘mygroup’ from the system. 3) unbind ssl cipher cipher_sha -cipherName TLS1.2-AES-256-SHA256 The above example will remove the cipher TLS1.2-AES-256-SHA256 from cipher_sha cipher group.
set ssl cipher
Modifies the priority of the cipher within a cipher group.
Synopsis
set ssl cipher
Arguments
cipherGroupName Name of the cipher group.
cipherName Cipher name.
cipherPriority This indicates priority assigned to the particular cipher Minimum value: 1
Example
1) set ssl cipher cipher_sha -cipher TLS1-AES-128-CBC-SHA -cipherpriority 1 The above example sets the priority of TLS1-AES-128-CBC-SHA to 1 within the cipher group cipher_sha.
bind ssl cipher
Adds ciphers to a user-defined cipher group. You can add an existing cipher group to a user-defined cipher group but you cannot modify a built-in cipher group.
Synopsis
bind ssl cipher [
Arguments
cipherGroupName Name of the user-defined cipher group.
cipherName Name of the individual cipher, user-defined cipher group, or predefined (built-in) cipher alias to add to the cipher group.
cipherPriority Priority of the cipher to be added Minimum value: 1 Maximum value: 1000
Example
1) bind ssl cipher sslvip ADD SSL3-RC4-SHA The above example appends the cipher SSL3-RC4-SHA to the cipher-suite already configured for the SSL virtual server sslvip. 2) bind ssl cipher sslvip REM NULL The above example removes the ciphers identified by the system’s predefined cipher-alias -NULL from the cipher-suite already configured for the SSL virtual server sslvip. 3) bind ssl cipher sslvip ORD HIGH The above example overrides the existing cipher-suite configured for the SSL virtual server with ciphers, having HIGH encryption strength (ciphers supporting 168-bit encryption). 4) bind ssl cipher cipher_sha -cipherName TLS1.2-AES-128-SHA256 The above example adds the cipher TLS1.2-AES-128-SHA256 to the cipher group cipher_sha. Priority of added cipersuite will be next available maximum value in cipher group cipher_sha. 3i) bind ssl cipher cipher_sha -cipherName TLS1.2-AES-128-SHA256 -cipherPriority 5 The above example adds the cipher TLS1.2-AES-128-SHA256 to the cipher group cipher_sha at priority 5. If cipher already bounded at higher priority in the cipher group, then cipher priority remains same.
Note: The individual ciphers contained in a system predefined cipher-alias can beviewed by using the following command: show ssl cipher
Related Commands
add ssl cipher
Creates a user-defined cipher group, which you can bind to an SSL virtual server instead of binding ciphers individually. Although you cannot modify a built-in cipher group, you can add built-in cipher groups as well as individual ciphers to a user-defined cipher group.
Synopsis
add ssl cipher
Arguments
cipherGroupName Name for the user-defined cipher group. Must begin with an ASCII alphanumeric or underscore (_) character, and must contain only ASCII alphanumeric, underscore, hash (#), period (.), space, colon (:), at (@), equals (=), and hyphen (-) characters. Cannot be changed after the cipher group is created.
The following requirement applies only to the Citrix ADC CLI: If the name includes one or more spaces, enclose the name in double or single quotation marks (for example, “my ciphergroup” or ‘my ciphergroup’).
Example
1) add ssl cipher mygroup SSL2-RC4-MD5 SSL2-EXP-RC4-MD5 The above command creates a new cipher-group by the name: mygroup, with the two ciphers SSL2-RC4-MD5 and SSL2-EXP-RC4-MD5, as part of the cipher-group. If a cipher-group by the name: mygroup already exists in system, then the two ciphers is added to the list of ciphers contained in the group.
2) add ssl cipher mygroup HIGH MEDIUM The above command creates a new cipher-group by the name: mygroup, with the ciphers from the cipher alias “HIGH” and “MEDIUM” as part of the cipher group. If a cipher-group by the name, mygroup, already exists in system, then the ciphers from the two aliases is added to the list of ciphers contained in the group.
3) add ssl cipher cipher_sha The above command creates a new cipher-group by the name: cipher_sha and No ciphers added to the created cipher group.
rm ssl cipher
Removes a user-defined cipher group from the appliance.
Synopsis
rm ssl cipher
Arguments
cipherGroupName Name of the user-defined cipher group to remove.
Example
1)rm ssl cipher mygroup SSL2-RC4-MD5 The above example removes the cipher SSL2-RC4-MD5 from the cipher group mygroup. 2)rm ssl cipher mygroup The above example will remove the cipher group ‘mygroup’ from the system.
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.