729rsa_aes_256_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, dataencryption algorithm 256-bit AES_CBC, and MAC algorithm SHA.rsa_des_cbc_sha: Specifies the cipher suite that uses key exchange algorithm RSA, dataencryption algorithm DES_CBC, and MAC algorithm SHA.rsa_rc4_128_md5: Specifies the cipher suite that uses key exchange algorithm RSA, dataencryption algorithm 128-bit RC4, and MAC algorithm MD5.rsa_rc4_128_sha: Specifies the cipher suite that uses key exchange algorithm RSA, dataencryption algorithm 128-bit RC4, and MAC algorithm SHA.Usage guidelinesSSL employs the following algorithms:• Data encryption algorithms—Encrypt data to ensure privacy. Commonly used dataencryption algorithms are usually symmetric key algorithms, such as DES_CBC,3DES_EDE_CBC, AES_CBC, and RC4. When using a symmetric key algorithm, the SSLserver and the SSL client must use the same key.• Message Authentication Code (MAC) algorithms—Calculate the MAC value for data toensure integrity. Commonly used MAC algorithms include MD5 and SHA. When using a MACalgorithm, the SSL server and the SSL client must use the same key.• Key exchange algorithms—Implement secure exchange of the keys used by the symmetrickey algorithm and the MAC algorithm. Commonly used key exchange algorithms areasymmetric key algorithms, such as RSA.The SSL client sends the preferred cipher suite to the SSL server. The server compares the receivedcipher suite with the cipher suits it supports. If a match is found, the cipher suite negotiationsucceeds. If no match is found, the negotiation fails.If you execute this command multiple times, the most recent configuration takes effect.Examples# Configure SSL client policy policy1 to support key exchange algorithm RSA, data encryptionalgorithm 128-bit AES_CBC, and MAC algorithm SHA. system-view[Sysname] ssl client-policy policy1[Sysname-ssl-client-policy-policy1] prefer-cipher rsa_aes_128_cbc_shaRelated commandsciphersuitedisplay ssl client-policyserver-verify enableUse server-verify enable to enable the SSL client to use digital certificates to authenticate SSLservers.Use undo server-verify enable to disable SSL server authentication. The SSL client does notauthenticate any SSL servers.Syntaxserver-verify enableundo server-verify enableDefaultThe SSL client uses digital certificates to authenticate SSL servers.