custom-ciphers
Syntax
custom-ciphers [ecdhe-rsa-with-3des-ede-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha
| ecdhe-rsa-with-aes-128-cbc-sha256 | ecdhe-rsa-with-aes-128-gcm-sha256
| ecdhe-rsa-with-aes-256-cbc-sha | ecdhe-rsa-with-aes-256-cbc-sha384
| ecdhe-rsa-with-aes-256-gcm-sha384 | rsa-with-aes-128-cbc-sha256
RSA | rsa-with-aes-128-gcm-sha256 RSA | rsa-with-aes-256-cbc-sha256
RSA | rsa-with-aes-256-gcm-sha384 RSA | rsa-with-rc4-128-md5 RSA
| 128bit rc4 | md5 hash rsa-with-rc4-128-sha RSA | 128bit rc4 |sha
hash rsa-with-des-cbc-sha RSA | des cbc | sha hash rsa-with-3des-ede-cbc-sha
RSA | 3des ede/cbc | sha hash rsa-with-aes-128-cbc-sha RSA | 128
bit aes/cbc | sha hash rsa-with-aes-256-cbc-sha RSA | 256 bit aes/cbc
|sha hash rsa-export-with-rc4-40-md5 RSA-export | 40 bit rc4 | md5
hash rsa-export-with-des40-cbc-sha RSA-export | 40 bit des/cbc |
sha hash rsa-with-null-md5 RSA | no symmetric cipher | md5 hash
rsa-with-null-sha RSA | no symmetric cipher | sha hash | ecdhe-ecdsa-with-aes-256-gcm-sha384
| ecdhe-ecdsa-with-aes-256-cbc-sha384 | ecdhe-ecdsa-with-aes-256-cbc-sha
| ecdhe-ecdsa-with-aes-128-gcm-sha256 |ecdhe-ecdsa-with-aes-128-cbc-sha256
|ecdhe-ecdsa-with-aes-128-cbc-sha |ecdhe-ecdsa-with-3des-ede-cbc-sha);];
Hierarchy Level
[edit services ssl proxy profile profile-name]
[edit services ssl termination profile profile-name]
[edit services ssl initiation profile profile-name]
Release Information
Statement introduced in Junos OS Release 12.1X44-D10.
This statement is supported in the SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX instances. Options to support Elliptic Curve Digital Signature Algorithm (ECDSA) added in Junos OS Release 18.3R1.
Description
Configure custom cipher for an SSL profile.
Custom ciphers allow you to define your own cipher list. If you do not want to use one of the three categories (strong, medium, or week) of preferred ciphers, you can select ciphers from each of the categories to form a custom cipher set.
To configure custom ciphers, you must set preferred-ciphers to custom. See preferred-ciphers for more details.
Options
ecdhe-rsa-with-3des-ede-cbc-sha—ECDHE/RSA, 3 DES EDE/CBC, SHA hash
ecdhe-rsa-with-aes-128-cbc-sha—ECDHE/RSA, 128-bit AES/CBC, SHA hash
ecdhe-rsa-with-aes-128-cbc-sha256—ECDHE/RSA, 128-bit AES/CBC, SHA256 hash
ecdhe-rsa-with-aes-128-gcm-sha256—ECDHE/RSA, 128-bit AES/GCM, SHA256 hash
ecdhe-rsa-with-aes-256-cbc-sha—ECDHE/RSA, 256-bit AES/CBC, SHA hash
ecdhe-rsa-with-aes-256-cbc-sha384—ECDHE/RSA, 256-bit AES/CBC, SHA384 hash
ecdhe-rsa-with-aes-256-gcm-sha384—ECDHE/RSA, 256-bit AES/GCM, SHA384 hash
rsa-export-with-des40-cbc-sha—RSA-export, 40-bit DES/CBC, SHA hash
rsa-export-with-rc4-40-md5—RSA-export, 40-bit RC4, MD5 hash
rsa-export1024-with-des-cbc-sha—RSA 1024-bit export, DES/CBC, SHA hash
rsa-export1024-with-rc4-56-md5—RSA 1024-bit export, 56 bit RC4, MD5 hash
rsa-export1024-with-rc4-56-sha—RSA 1024-bit export, 56 bit RC4, SHA hash
rsa-with-3des-ede-cbc-sha—RSA, 3DES EDE/CBC, SHA hash
rsa-with-aes-128-cbc-sha—RSA, 128-bit AES/CBC, SHA hash
rsa-with-aes-128-cbc-sha256—RSA, 128-bit AES/CBC, SHA256 hash
rsa-with-aes-128-gcm-sha256—RSA, 128-bit AES/GCM, SHA256 hash
rsa-with-aes-256-cbc-sha—RSA, 256-bit AES/CBC, SHA hash
rsa-with-aes-256-cbc-sha256—RSA, 256-bit AES/CBC, SHA256 hash
rsa-with-aes-256-gcm-sha384—RSA, 256-bit AES/GCM, SHA384 hash
rsa-with-des-cbc-sha—RSA, DES CBC, SHA hash
rsa-with-null-md5—RSA,
no symmetric cipher, MD5 hash
rsa-with-null-sha—RSA,
no symmetric cipher, SHA hash
rsa-with-rc4-128-md5—RSA, 128-bit RC4, MD5 hash
rsa-with-rc4-128-sha—RSA, 128-bit RC4, SHA hash
ecdhe-ecdsa-with-aes-256-gcm-sha384—ECDHE,ECDSA, 256 bit aes/gcm, sha384 hash
ecdhe-ecdsa-with-aes-256-cbc-sha384—ECDHE,ECDSA, 256 bit aes/cbc, sha384 hash
ecdhe-ecdsa-with-aes-256-cbc-sha—ECDHE,ECDSA, 256 bit aes/cbc, sha hash
ecdhe-ecdsa-with-aes-128-gcm-sha256—ECDHE,ECDSA, 128 bit aes/gcm, sha256 hash
ecdhe-ecdsa-with-aes-128-cbc-sha256—ECDHE,ECDSA, 128 bit aes/cbc, sha256 hash
ecdhe-ecdsa-with-aes-128-cbc-sha—ECDHE,ECDSA, 128 bit aes/cbc, sha hash
ecdhe-ecdsa-with-3des-ede-cbc-sha—ECDHE,ECDSA, 3des ede/cbc, sha hash
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.