Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
617
Views
0
Helpful
1
Replies

SSL Ciphers

lionellemaire
Level 1
Level 1

‎01-22-2007 03:31 AM

Hello,

one of my clients would like to use the best ciphers available nowadays for their secure web sites.

I did take a look at this page :

http://www.cisco.com/en/US/partner/products/hw/contnetw/ps792/products_command_reference_chapter09186a0080157a4c.html#wp1139899

but I really don't know which one is the best for us.

We're doing server authentication with an Verisign Certificate , the clients OS is win2k and above.

CSS1# sh ssl associate rsakey acvonlinekey1

1024-bit RSA keypair

ssl-proxy-list sslacvcsc

ssl-server 1

ssl-server 1 vip address 192.168.167.10

ssl-server 1 rsakey acvonlinekey1

ssl-server 1 cipher rsa-export1024-with-rc4-56-sha 192.168.1.1 81

ssl-server 1 cipher rsa-export1024-with-des-cbc-sha 192.168.1.1 81

ssl-server 2

ssl-server 2 vip address 192.168.167.11

ssl-server 2 rsakey cscenlignekey1

ssl-server 2 cipher rsa-export1024-with-rc4-56-sha 192.168.1.2 81

ssl-server 2 cipher rsa-export1024-with-des-cbc-sha 192.168.1.2 81

ssl-server 1 rsacert certificat-csc-en-ligne1

ssl-server 2 rsacert certificat-acv-online2

ssl-server 1 cipher rsa-with-rc4-128-sha 192.168.1.1 81

active

Any help or advice ??

Lionel

Labels:
0 Helpful
1 Reply 1

bwilmoth
Level 5
Level 5

‎01-31-2007 06:29 AM

The SSL cipher dhe-dss-export1024-with-rc4-56-sha is suitable because it has exportable option and also it uses DSA (DSS) certificate

Ephemeral Diffie-Hellman.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card