D-Link Systems DGS-3600 Manual

A SERVICE OF

next previous

xStack

®

DGS-3600 Series Layer 3 Gigabit Ethernet Managed Switch CLI Manual

618

disable ssl

Purpose To disable the SSL function on the Switch.

Syntax

disable ssl {ciphersuite {RSA_with_RC4_128_MD5 | RSA_with_3DES_EDE_CBC_SHA |

DHE_DSS_with_3DES_EDE_CBC_SHA | RSA_EXPORT_with_RC4_40_MD5}}

Description This command will disable SSL on the Switch and can be used to disable any one or

combination of listed ciphersuites on the Switch.

Parameters

ciphersuite – A security string that determines the exact cryptographic parameters, specific

encryption algorithms and key sizes to be used for an authentication session. The user may

choose any combination of the following:

• RSA_with_RC4_128_MD5 – This ciphersuite combines the RSA key exchange,

stream cipher RC4 encryption with 128-bit keys and the MD5 Hash Algorithm.

• RSA_with_3DES_EDE_CBC_SHA – This ciphersuite combines the RSA key

exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm.

• DHE_DSS_with_3DES_EDE_CBC_SHA – This ciphersuite combines the DSA Diffie

Hellman key exchange, CBC Block Cipher 3DES_EDE encryption and SHA Hash

Algorithm.

• RSA_EXPORT_with_RC4_40_MD5 – This ciphersuite combines the RSA Export

key exchange, stream cipher RC4 encryption with 40-bit keys.

Restrictions Only Administrator and Operator-level users can issue this command.

Example usage:

To disable the SSL status on the Switch:

DGS-3627:admin# disable ssl

Command: disable ssl

Success.

DGS-3627:admin#

To disable ciphersuite RSA_EXPORT_with_RC4_40_MD5 only:

DGS-3627:admin# disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5

Command: disable ssl ciphersuite RSA_EXPORT_with_RC4_40_MD5

Success.

DGS-3627:admin#

config ssl cachetimeout

Purpose Used to configure the SSL cache timeout.

Syntax

config ssl cachetimeout <value 60-86400>

Description This command will set the time between a new key exchange between a client and a host

using the SSL function. A new SSL session is established every time the client and host go

through a key exchange. Specifying a longer timeout will allow the SSL session to reuse the

master key on future connections with that particular host, therefore speeding up the

negotiation process.

Parameters

<value 60-86400> – Enter a timeout value between 60 and 86400 seconds to specify the total

time an SSL key exchange ID stays valid before the SSL module will require a new, full SSL

negotiation for connection. The default cache timeout is 600 seconds

Restrictions Only Administrator and Operator-level users can issue this command.