Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?





Hierarchy Level

Release Information

Statement introduced in Junos OS Release 12.1X44-D10.

This statement is supported in the SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX instances. Options to support Elliptic Curve Digital Signature Algorithm (ECDSA) added in Junos OS Release 18.3R1.


Configure custom cipher for an SSL profile.

Custom ciphers allow you to define your own cipher list. If you do not want to use one of the three categories (strong, medium, or week) of preferred ciphers, you can select ciphers from each of the categories to form a custom cipher set.

To configure custom ciphers, you must set preferred-ciphers to custom. See preferred-ciphers for more details.


ecdhe-rsa-with-3des-ede-cbc-shaECDHE/RSA, 3 DES EDE/CBC, SHA hash
ecdhe-rsa-with-aes-128-cbc-shaECDHE/RSA, 128-bit AES/CBC, SHA hash
ecdhe-rsa-with-aes-128-cbc-sha256ECDHE/RSA, 128-bit AES/CBC, SHA256 hash
ecdhe-rsa-with-aes-128-gcm-sha256ECDHE/RSA, 128-bit AES/GCM, SHA256 hash
ecdhe-rsa-with-aes-256-cbc-shaECDHE/RSA, 256-bit AES/CBC, SHA hash
ecdhe-rsa-with-aes-256-cbc-sha384ECDHE/RSA, 256-bit AES/CBC, SHA384 hash
ecdhe-rsa-with-aes-256-gcm-sha384ECDHE/RSA, 256-bit AES/GCM, SHA384 hash
rsa-export-with-des40-cbc-shaRSA-export, 40-bit DES/CBC, SHA hash
rsa-export-with-rc4-40-md5RSA-export, 40-bit RC4, MD5 hash
rsa-export1024-with-des-cbc-shaRSA 1024-bit export, DES/CBC, SHA hash
rsa-export1024-with-rc4-56-md5RSA 1024-bit export, 56 bit RC4, MD5 hash
rsa-export1024-with-rc4-56-shaRSA 1024-bit export, 56 bit RC4, SHA hash
rsa-with-3des-ede-cbc-shaRSA, 3DES EDE/CBC, SHA hash
rsa-with-aes-128-cbc-shaRSA, 128-bit AES/CBC, SHA hash
rsa-with-aes-128-cbc-sha256RSA, 128-bit AES/CBC, SHA256 hash
rsa-with-aes-128-gcm-sha256RSA, 128-bit AES/GCM, SHA256 hash
rsa-with-aes-256-cbc-shaRSA, 256-bit AES/CBC, SHA hash
rsa-with-aes-256-cbc-sha256RSA, 256-bit AES/CBC, SHA256 hash
rsa-with-aes-256-gcm-sha384RSA, 256-bit AES/GCM, SHA384 hash
rsa-with-des-cbc-shaRSA, DES CBC, SHA hash
rsa-with-null-md5RSA, no symmetric cipher, MD5 hash
rsa-with-null-shaRSA, no symmetric cipher, SHA hash
rsa-with-rc4-128-md5RSA, 128-bit RC4, MD5 hash
rsa-with-rc4-128-shaRSA, 128-bit RC4, SHA hash
ecdhe-ecdsa-with-aes-256-gcm-sha384ECDHE,ECDSA, 256 bit aes/gcm, sha384 hash
ecdhe-ecdsa-with-aes-256-cbc-sha384ECDHE,ECDSA, 256 bit aes/cbc, sha384 hash
ecdhe-ecdsa-with-aes-256-cbc-shaECDHE,ECDSA, 256 bit aes/cbc, sha hash
ecdhe-ecdsa-with-aes-128-gcm-sha256ECDHE,ECDSA, 128 bit aes/gcm, sha256 hash
ecdhe-ecdsa-with-aes-128-cbc-sha256ECDHE,ECDSA, 128 bit aes/cbc, sha256 hash
ecdhe-ecdsa-with-aes-128-cbc-shaECDHE,ECDSA, 128 bit aes/cbc, sha hash
ecdhe-ecdsa-with-3des-ede-cbc-shaECDHE,ECDSA, 3des ede/cbc, sha hash

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.