custom-ciphers
Syntax (Prior to Junos OS Release 21.2R1)
custom-ciphers [ecdhe-rsa-with-3des-ede-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha256 | ecdhe-rsa-with-aes-128-gcm-sha256 | ecdhe-rsa-with-aes-256-cbc-sha | ecdhe-rsa-with-aes-256-cbc-sha384 | ecdhe-rsa-with-aes-256-gcm-sha384 | rsa-with-aes-128-cbc-sha256 RSA | rsa-with-aes-128-gcm-sha256 RSA | rsa-with-aes-256-cbc-sha256 RSA | rsa-with-aes-256-gcm-sha384 RSA | rsa-with-rc4-128-md5 RSA | 128bit rc4 | md5 hash rsa-with-rc4-128-sha RSA | 128bit rc4 |sha hash rsa-with-des-cbc-sha RSA | des cbc | sha hash rsa-with-3des-ede-cbc-sha RSA | 3des ede/cbc | sha hash rsa-with-aes-128-cbc-sha RSA | 128 bit aes/cbc | sha hash rsa-with-aes-256-cbc-sha RSA | 256 bit aes/cbc |sha hash rsa-export-with-rc4-40-md5 RSA-export | 40 bit rc4 | md5 hash rsa-export-with-des40-cbc-sha RSA-export | 40 bit des/cbc | sha hash rsa-with-null-md5 RSA | no symmetric cipher | md5 hash rsa-with-null-sha RSA | no symmetric cipher | sha hash | ecdhe-ecdsa-with-aes-256-gcm-sha384 | ecdhe-ecdsa-with-aes-256-cbc-sha384 | ecdhe-ecdsa-with-aes-256-cbc-sha | ecdhe-ecdsa-with-aes-128-gcm-sha256 |ecdhe-ecdsa-with-aes-128-cbc-sha256 |ecdhe-ecdsa-with-aes-128-cbc-sha |ecdhe-ecdsa-with-3des-ede-cbc-sha]
Syntax (Starting in Junos OS Release 21.2R1)
custom-ciphers [tls12-rsa-aes-128-cbc-sha | tls12-rsa-aes-256-cbc-sha | tls12-rsa-aes-256-gcm-sha384 | tls12-rsa-aes-256-cbc-sha256 | tls12-rsa-aes-128-gcm-sha256 | tls12-rsa-aes-128-cbc-sha256 | tls12-ecdhe-rsa-aes-256-gcm-sha384 | tls12-ecdhe-rsa-aes-256-cbc-sha | tls12-ecdhe-rsa-aes-256-cbc-sha384 | tls12-ecdhe-rsa-3des-ede-cbc-sha | tls12-ecdhe-rsa-aes-128-gcm-sha256 | tls12-ecdhe-rsa-aes-128-cbc-sha | tls12-ecdhe-rsa-aes-128-cbc-sha256 | tls12-rsa-aes-128-ccm-sha256 | tls12-rsa-aes-128-ccm8-sha256 | tls12-rsa-aes-256-ccm-sha256 | tls12-rsa-aes-256-ccm8-sha256 | tls12-ecdhe-ecdsa-aes-128-ccm-sha256 | tls12-ecdhe-ecdsa-aes-256-ccm-sha256 | tls12-ecdhe-ecdsa-aes-128-ccm8-sha256 | tls12-ecdhe-ecdsa-aes-256-ccm8-sha256 | tls12-ecdhe-rsa-chacha20-poly1305-sha256 | tls12-ecdhe-ecdsa-aes-256-gcm-sha384 | tls12-ecdhe-ecdsa-aes-256-cbc-sha | tls12-ecdhe-ecdsa-aes-256-cbc-sha384 | tls12-ecdhe-ecdsa-aes-128-gcm-sha256 | tls12-ecdhe-ecdsa-aes-128-cbc-sha | tls12-ecdhe-ecdsa-aes-128-cbc-sha256 | tls12-ecdhe-ecdsa-3des-ede-cbc-sha | dhe-rsa-with-aes-128-ccm8-sha256 | dhe-rsa-with-aes-256-ccm8-sha256 | dhe-rsa-with-aes-256-ccm-sha256 | dhe-rsa-with-aes-128-ccm-sha256 | tls12-ecdhe-ecdsa-chacha20-poly1305-sha256 | tls13-with-aes-256-gcm-sha384 | tls13-with-aes-128-gcm-sha256 | tls13-with-chacha20-poly1305-sha256 | tls13-with-aes-128-ccm-sha256 | tls13-with-aes-128-ccm8-sha256]
Syntax (Starting in Junos OS Release 24.2R1)
custom-ciphers [dhe-rsa-with-3des-ede-cbc-sha | dhe-rsa-with-aes-128-cbc-sha | dhe-rsa-with-aes-128-cbc-sha256 | dhe-rsa-with-aes-128-ccm8-sha256 | dhe-rsa-with-aes-128-ccm-sha256 | dhe-rsa-with-aes-128-gcm-sha256 | dhe-rsa-with-aes-256-cbc-sha | dhe-rsa-with-aes-256-cbc-sha256 | dhe-rsa-with-aes-256-ccm8-sha256 | dhe-rsa-with-aes-256-ccm-sha256 | dhe-rsa-with-aes-256-gcm-sha384 | ecdhe-ecdsa-with-3des-ede-cbc-sha | ecdhe-ecdsa-with-aes-128-cbc-sha | ecdhe-ecdsa-with-aes-128-cbc-sha256 | ecdhe-ecdsa-with-aes-128-gcm-sha256 | ecdhe-ecdsa-with-aes-256-cbc-sha | ecdhe-ecdsa-with-aes-256-cbc-sha384 | ecdhe-ecdsa-with-aes-256-gcm-sha384 | ecdhe-rsa-with-3des-ede-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha | ecdhe-rsa-with-aes-128-cbc-sha256 | ecdhe-rsa-with-aes-128-gcm-sha256 | ecdhe-rsa-with-aes-256-cbc-sha | ecdhe-rsa-with-aes-256-cbc-sha384 | ecdhe-rsa-with-aes-256-gcm-sha384 | rsa-export1024-with-des-cbc-sha | rsa-export1024-with-rc4-56-md5 | rsa-export1024-with-rc4-56-sha | rsa-export-with-des40-cbc-sha | rsa-export-with-rc4-40-md5 | rsa-with-3des-ede-cbc-sha | rsa-with-aes-128-cbc-sha | rsa-with-aes-128-cbc-sha256 | rsa-with-aes-128-gcm-sha256 | rsa-with-aes-256-cbc-sha | rsa-with-aes-256-cbc-sha256 | rsa-with-aes-256-gcm-sha384 | rsa-with-des-cbc-sha | rsa-with-rc4-128-md5 | rsa-with-rc4-128-sha | tls12-ecdhe-ecdsa-3des-ede-cbc-sha | tls12-ecdhe-ecdsa-aes-128-cbc-sha | tls12-ecdhe-ecdsa-aes-128-cbc-sha256 | tls12-ecdhe-ecdsa-aes-128-ccm8-sha256 | tls12-ecdhe-ecdsa-aes-128-ccm-sha256 | tls12-ecdhe-ecdsa-aes-128-gcm-sha256 | tls12-ecdhe-ecdsa-aes-256-cbc-sha | tls12-ecdhe-ecdsa-aes-256-cbc-sha384 | tls12-ecdhe-ecdsa-aes-256-ccm8-sha256 | tls12-ecdhe-ecdsa-aes-256-ccm-sha256 | tls12-ecdhe-ecdsa-aes-256-gcm-sha384 | tls12-ecdhe-ecdsa-chacha20-poly1305-sha256 | tls12-ecdhe-rsa-3des-ede-cbc-sha | tls12-ecdhe-rsa-aes-128-cbc-sha | tls12-ecdhe-rsa-aes-128-cbc-sha256 | tls12-ecdhe-rsa-aes-128-gcm-sha256 | tls12-ecdhe-rsa-aes-256-cbc-sha | tls12-ecdhe-rsa-aes-256-cbc-sha384 | tls12-ecdhe-rsa-aes-256-gcm-sha384 | tls12-ecdhe-rsa-chacha20-poly1305-sha256 | tls12-rsa-aes-128-cbc-sha | tls12-rsa-aes-128-cbc-sha256 | tls12-rsa-aes-128-ccm8-sha256 | tls12-rsa-aes-128-ccm-sha256 | tls12-rsa-aes-128-gcm-sha256 | tls12-rsa-aes-256-cbc-sha | tls12-rsa-aes-256-cbc-sha256 | tls12-rsa-aes-256-ccm8-sha256 | tls12-rsa-aes-256-ccm-sha256 | tls12-rsa-aes-256-gcm-sha384 | tls13-with-aes-128-ccm8-sha256 | tls13-with-aes-128-ccm-sha256 | tls13-with-aes-128-gcm-sha256 | tls13-with-aes-256-gcm-sha384 | tls13-with-chacha20-poly1305-sha256]
Hierarchy Level
[edit services ssl proxy profile profile-name] [edit services ssl termination profile profile-name] [edit services ssl initiation profile profile-name]
Description
Configure custom cipher for an SSL profile.
Custom ciphers allow you to define your own cipher list. If you do not want to use one of the three categories (strong, medium, or week) of preferred ciphers, you can select ciphers from each of the categories to form a custom cipher set.
To configure custom ciphers, you must set preferred-ciphers to custom. See preferred-ciphers for more details.
Options
| dhe-rsa-with-3des-ede-cbc-sha |
DHE/rsa, 3des ede/cbc, sha hash |
| dhe-rsa-with-aes-128-cbc-sha |
DHE/rsa, 128 bit aes/cbc, sha hash |
| dhe-rsa-with-aes-128-cbc-sha256 |
DHE/rsa, 128 bit aes/cbc, sha256 hash |
| dhe-rsa-with-aes-128-ccm8-sha256 |
DHE/rsa, 128 bit aes/ccm8, sha256 hash |
| dhe-rsa-with-aes-128-ccm-sha256 |
DHE/rsa, 128 bit aes/ccm, sha256 hash |
| dhe-rsa-with-aes-128-gcm-sha256 |
DHE/rsa, 128 bit aes/gcm, sha256 hash |
| dhe-rsa-with-aes-256-cbc-sha |
DHE/rsa, 256 bit aes/cbc, sha hash |
| dhe-rsa-with-aes-256-cbc-sha256 |
DHE/rsa, 256 bit aes/cbc, sha256 hash |
| dhe-rsa-with-aes-256-ccm8-sha256 |
DHE/rsa, 256 bit aes/ccm8, sha256 hash |
| dhe-rsa-with-aes-256-ccm-sha256 |
DHE/rsa, 256 bit aes/ccm, sha256 hash |
| dhe-rsa-with-aes-256-gcm-sha384 |
DHE/rsa, 256 bit aes/gcm, sha384 hash |
| ecdhe-ecdsa-with-3des-ede-cbc-sha |
ECDHE,ECDSA, 3des ede/cbc, sha hash |
| ecdhe-ecdsa-with-aes-128-cbc-sha |
ECDHE,ECDSA, 128 bit aes/cbc, sha hash |
| ecdhe-ecdsa-with-aes-128-cbc-sha256 |
ECDHE,ECDSA, 128 bit aes/cbc, sha256 hash |
| ecdhe-ecdsa-with-aes-128-gcm-sha256 |
ECDHE,ECDSA, 128 bit aes/gcm, sha256 hash |
| ecdhe-ecdsa-with-aes-256-cbc-sha |
ECDHE,ECDSA, 256 bit aes/cbc, sha hash |
| ecdhe-ecdsa-with-aes-256-cbc-sha384 |
ECDHE,ECDSA, 256 bit aes/cbc, sha384 hash |
| ecdhe-ecdsa-with-aes-256-gcm-sha384 |
ECDHE,ECDSA, 256 bit aes/gcm, sha384 hash |
| ecdhe-rsa-with-3des-ede-cbc-sha |
ECDHE/rsa, 3des ede/cbc, sha hash |
| ecdhe-rsa-with-aes-128-cbc-sha |
ECDHE/rsa, 128 bit aes/cbc, sha hash |
| ecdhe-rsa-with-aes-128-cbc-sha256 |
ECDHE/rsa, 128 bit aes/cbc, sha256 hash |
| ecdhe-rsa-with-aes-128-gcm-sha256 |
ECDHE/rsa, 128 bit aes/gcm, sha256 hash |
| ecdhe-rsa-with-aes-256-cbc-sha |
ECDHE/rsa, 256 bit aes/cbc, sha hash |
| ecdhe-rsa-with-aes-256-cbc-sha384 |
ECDHE/rsa, 256 bit aes/cbc, sha384 hash |
| ecdhe-rsa-with-aes-256-gcm-sha384 |
ECDHE/rsa, 256 bit aes/gcm, sha384 hash |
| rsa-export1024-with-des-cbc-sha |
RSA 1024 bit export, des/cbc, sha hash |
| rsa-export1024-with-rc4-56-md5 |
RSA 1024 bit export, 56 bit rc4, md5 hash |
| rsa-export1024-with-rc4-56-sha |
RSA 1024 bit export, 56 bit rc4, sha hash |
| rsa-export-with-des40-cbc-sha |
RSA-export, 40 bit des/cbc, sha hash |
| rsa-export-with-rc4-40-md5 |
RSA-export, 40 bit rc4, md5 hash |
| rsa-with-3des-ede-cbc-sha |
RSA, 3des ede/cbc, sha hash |
| rsa-with-aes-128-cbc-sha |
RSA, 128 bit aes/cbc, sha hash |
| rsa-with-aes-128-cbc-sha256 |
RSA, 128 bit aes/cbc, sha256 hash |
| rsa-with-aes-128-gcm-sha256 |
RSA, 128 bit aes/gcm, sha256 hash |
| rsa-with-aes-256-cbc-sha |
RSA, 256 bit aes/cbc, sha hash |
| rsa-with-aes-256-cbc-sha256 |
RSA, 256 bit aes/cbc, sha256 hash |
| rsa-with-aes-256-gcm-sha384 |
RSA, 256 bit aes/gcm, sha384 hash |
| rsa-with-des-cbc-sha |
RSA, des cbc, sha hash |
| rsa-with-rc4-128-md5 |
RSA, 128bit rc4, md5 hash |
| rsa-with-rc4-128-sha |
RSA, 128bit rc4, sha hash |
| tls12-ecdhe-ecdsa-3des-ede-cbc-sha |
ECDHE,ECDSA, 3des ede/cbc, sha hash |
| tls12-ecdhe-ecdsa-aes-128-cbc-sha |
ECDHE,ECDSA, 128 bit aes/cbc, sha hash |
| tls12-ecdhe-ecdsa-aes-128-cbc-sha256 |
ECDHE,ECDSA, 128 bit aes/cbc, sha256 hash |
| tls12-ecdhe-ecdsa-aes-128-ccm8-sha256 |
ECDHE,ECDSA, 128 bit aes/ccm8, sha256 hash |
| tls12-ecdhe-ecdsa-aes-128-ccm-sha256 |
ECDHE,ECDSA, 128 bit aes/ccm, sha256 hash |
| tls12-ecdhe-ecdsa-aes-128-gcm-sha256 |
ECDHE,ECDSA, 128 bit aes/gcm, sha256 hash |
| tls12-ecdhe-ecdsa-aes-256-cbc-sha |
ECDHE,ECDSA, 256 bit aes/cbc, sha hash |
| tls12-ecdhe-ecdsa-aes-256-cbc-sha384 |
ECDHE,ECDSA, 256 bit aes/cbc, sha384 hash |
| tls12-ecdhe-ecdsa-aes-256-ccm8-sha256 |
ECDHE,ECDSA, 256 bit aes/ccm8, sha256 hash |
| tls12-ecdhe-ecdsa-aes-256-ccm-sha256 |
ECDHE,ECDSA, 256 bit aes/ccm, sha256 hash |
| tls12-ecdhe-ecdsa-aes-256-gcm-sha384 |
ECDHE,ECDSA, 256 bit aes/gcm, sha384 hash |
| tls12-ecdhe-ecdsa-chacha20-poly1305-sha256 |
ECDHE,ECDSA, chacha_poly, sha256 hash |
| tls12-ecdhe-rsa-3des-ede-cbc-sha |
ECDHE/rsa, 3des ede/cbc, sha hash |
| tls12-ecdhe-rsa-aes-128-cbc-sha |
ECDHE/rsa, 128 bit aes/cbc, sha hash |
| tls12-ecdhe-rsa-aes-128-cbc-sha256 |
ECDHE/rsa, 128 bit aes/cbc, sha256 hash |
| tls12-ecdhe-rsa-aes-128-gcm-sha256 |
ECDHE/rsa, 128 bit aes/gcm, sha256 hash |
| tls12-ecdhe-rsa-aes-256-cbc-sha |
ECDHE/rsa, 256 bit aes/cbc, sha hash |
| tls12-ecdhe-rsa-aes-256-cbc-sha384 |
ECDHE/rsa, 256 bit aes/cbc, sha384 hash |
| tls12-ecdhe-rsa-aes-256-gcm-sha384 |
ECDHE/rsa, 256 bit aes/gcm, sha384 hash |
| tls12-ecdhe-rsa-chacha20-poly1305-sha256 |
ECDHE/rsa, chacha_poly , sha256 hash |
| tls12-rsa-aes-128-cbc-sha |
RSA, 128 bit aes/cbc, sha hash |
| tls12-rsa-aes-128-cbc-sha256 |
RSA, 128 bit aes/cbc, sha256 hash |
| tls12-rsa-aes-128-ccm8-sha256 |
RSA, 128 bit aes/ccm8, sha256 hash |
| tls12-rsa-aes-128-ccm-sha256 |
RSA, 128 bit aes/ccm, sha256 hash |
| tls12-rsa-aes-128-gcm-sha256 |
RSA, 128 bit aes/gcm, sha256 hash |
| tls12-rsa-aes-256-cbc-sha |
RSA, 256 bit aes/cbc, sha hash |
| tls12-rsa-aes-256-cbc-sha256 |
RSA, 256 bit aes/cbc, sha256 hash |
| tls12-rsa-aes-256-ccm8-sha256 |
RSA, 128 bit aes/ccm8, sha256 hash |
| tls12-rsa-aes-256-ccm-sha256 |
RSA, 256 bit aes/ccm, sha256 hash |
| tls12-rsa-aes-256-gcm-sha384 |
RSA, 256 bit aes/gcm, sha384 hash |
| tls13-with-aes-128-ccm8-sha256 |
Any key-exchange, Any authentication,128bit aes, sha256 hash |
| tls13-with-aes-128-ccm-sha256 |
Any key-exchange, Any authentication,128bit aes, sha256 hash |
| tls13-with-aes-128-gcm-sha256 |
Any key-exchange, Any authentication,128bit aes, sha256 hash |
| tls13-with-aes-256-gcm-sha384 |
Any key-exchange, Any authentication,256bit aes, sha384 hash |
| tls13-with-chacha20-poly1305-sha256 |
Any key-exchange, Any authentication,chacha, sha256 hash |
Required Privilege Level
services—To view this statement in the configuration.
services-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1X44-D10.
This statement is supported in the SRX340, SRX345, SRX380, SRX550M, SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, and SRX5800 devices and vSRX Virtual Firewall instances. Options to support Elliptic Curve Digital Signature Algorithm (ECDSA) added in Junos OS Release 18.3R1.
Transport Layer Security (TLS) protocol version 1.3 support for SSL proxy introduced in Junos OS 21.2R1.
CCM, CCM8, and TLS12 Chacha-poly ciphers introduced in Junos OS 22.1R1.
ECDSA ciphers support for SSL initiation and SSL termination profiles is available in Junos OS 24.2R1