Forum Discussion

rolf's avatar
rolf
Icon for Cirrus rankCirrus
Jun 30, 2017

Cipher Suite: Disable DHE / EDH?

Hi does somebody know how to disable DHE/DSS and EDH/RSA KeyX Algorithms? Thanks, Rolf [root@bigip1:Active:Standalone] config tmm --clientciphers 'ECDHE::AES:!ECDH_RSA:!ECDH_ECDSA:!DES:!SHA:!...
application delivery
custom cipher
LTM
openssl
rolf's avatar
rolf
Icon for Cirrus rankCirrus
Jul 02, 2017

Thanks for the hint! In addidtion by disabling SHA is should be ok:

[root@bigip1:Active:Standalone] config  tmm --clientciphers '!TLSv1:!RC4:!SHA:DEFAULT:@SPEED'
       ID  SUITE                            BITS PROT    METHOD  CIPHER    MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM   SHA384  ECDHE_RSA
 1: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES       SHA384  ECDHE_RSA
 2:   159  DHE-RSA-AES256-GCM-SHA384        256  TLS1.2  Native  AES-GCM   SHA384  EDH/RSA
 3:   107  DHE-RSA-AES256-SHA256            256  TLS1.2  Native  AES       SHA256  EDH/RSA
 4:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM   SHA384  RSA
 5:    61  AES256-SHA256                    256  TLS1.2  Native  AES       SHA256  RSA
 6: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM   SHA256  ECDHE_RSA
 7: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES       SHA256  ECDHE_RSA
 8:   158  DHE-RSA-AES128-GCM-SHA256        128  TLS1.2  Native  AES-GCM   SHA256  EDH/RSA
 9:   103  DHE-RSA-AES128-SHA256            128  TLS1.2  Native  AES       SHA256  EDH/RSA
10:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM   SHA256  RSA
11:    60  AES128-SHA256                    128  TLS1.2  Native  AES       SHA256  RSA