Cipher Suite error

Question

A server team provided the following ciphers used, but for some reason, I am unable to either create a rule or group for them. Any help would be appreciated

TLS-CHACHA20-POLY1305-SHA256
TLS-AES-256-GCM-SHA384
TLS-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384

kevin_stewart · Answer

It might be helpful to verify that the intention is to support TLS 1.2 and TLS 1.3 ciphers (or just TLS 1.3). The top three in your list are explicitly TLS 1.3. The following literal cipher string will produce exactly what's in your list:
&nbsp;
tmm --clientciphers '!DTLSv1_2:TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;ECDHE-ECDSA-AES256-GCM-SHA384'

SUITE                                  PROT
TLS13-AES256-GCM-SHA384                TLS1.3
TLS13-AES128-GCM-SHA256                TLS1.3
TLS13-CHACHA20-POLY1305-SHA256         TLS1.3
ECDHE-ECDSA-CHACHA20-POLY1305-SHA256   TLS1.2
ECDHE-ECDSA-AES128-GCM-SHA256          TLS1.2
ECDHE-ECDSA-AES256-GCM-SHA384          TLS1.2
&nbsp;
&nbsp;

jrahm · Answer

If this answered your question&nbsp;VFB,&nbsp;can you accept the solution so it will be more helpful to others who find this thread? Thank you!

Forum Discussion

Cipher Suite error

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

Cipher suite mismatch advertisement/warning

SSL Profiles Part 4: Cipher Suites

Most up to date Cipher Suite for version 14.1.x to increase BitSight findings?

Display a warning on client browser when cipher suite mismatch

Lightboard Lessons: What is a TLS Cipher Suite?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS