D-Link Systems DGS-3400 Manual

A SERVICE OF

next previous

xStack

®

DGS-3400 Series Layer 2 Gigabit Managed Switch CLI Manual

291

disable ssl

Purpose To disable the SSL function on the Switch.

Syntax

disable ssl {ciphersuite {RSA_with_RC4_128_MD5 |

RSA_with_3DES_EDE_CBC_SHA | DHE_DSS_with_3DES_EDE_CBC_SHA |

RSA_EXPORT_with_RC4_40_MD5} (1) }

Description This command is used to disable SSL on the Switch and can be used to disable any one

or combination of listed ciphersuites on the Switch.

Parameters ciphersuite – A security string that determines the exact cryptographic parameters,

specific encryption algorithms and key sizes to be used for an authentication session.

The user may choose any combination of the following:

• RSA_with_RC4_128_MD5 – This ciphersuite combines the RSA key exchange,

stream cipher RC4 encryption with 128–bit keys and the MD5 Hash Algorithm.

• RSA_with_3DES_EDE_CBC_SHA – This ciphersuite combines the RSA key

exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash

Algorithm.

• DHE_DSS_with_3DES_EDE_CBC_SHA – This ciphersuite combines the DSA

Diffie Hellman key exchange, CBC Block Cipher 3DES_EDE encryption and SHA

Hash Algorithm.

• RSA_EXPORT_with_RC4_40_MD5 – This ciphersuite combines the RSA Export

key exchange, stream cipher RC4 encryption with 40–bit keys.

Restrictions Only Administrator and Operator-level users can issue this command.

Example usage:

To disable the SSL status on the Switch:

DGS–3426:5#disable ssl

Command: disable ssl

Success.

DGS–3426:5#

To disable ciphersuite RSA_EXPORT_with_RC4_40_MD5 only:

DGS–3426:5#disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5

Command: disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5

Success.

DGS–3426:5#

config ssl cachetimeout

Purpose Used to configure the SSL cache timeout.

Syntax

config ssl cachetimeout <value 60–86400>

Description This command is used to set the time between a new key exchange between a client and

a host using the SSL function. A new SSL session is established every time the client and

host go through a key exchange. Specifying a longer timeout will allow the SSL session to

reuse the master key on future connections with that particular host, therefore speeding

up the negotiation process.

Parameters timeout <value 60–86400> – Enter a timeout value between 60 and 86400 seconds to

specify the total time an SSL key exchange ID stays valid before the SSL module will

require a new, full SSL negotiation for connection. The default cache timeout is 600

seconds

Restrictions Only Administrator and Operator-level users can issue this command.