Forum Discussion
NetworkTeam_178
Nimbostratus
NimbostratusCipher Suite Ordering
I need to order my ciphers in a very specific way.
Using this command 'tmm --clientciphers 'ECDHE+AES-GCM:ECDHE+AES:'
I get;
ID SUITE BITS PROT METHOD CIP...
NetworkTeam_178Nimbostratus
NimbostratusApologies, copy and paste was wrong!
This is the list I currently have;
- 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
- 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
- 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
- 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
- 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
- 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
- 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
- 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
- 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
- 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
- 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
- 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
- 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
- 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
This is the list I require for a customer who is adamant they want the list as below;
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-RSA-AES256-SHA384
- ECDHE-RSA-AES128-SHA256
- ECDHE-RSA-AES256-CBC-SHA
- ECDHE-RSA-AES128-CBC-SHA
- AES256-GCM-SHA384
- AES128-GCM-SHA256
- AES256-SHA256
- AES128-SHA256
- AES256-SHA
- AES128-SHA
Which means moving line 5 in the first list, up to line 3 so that the CBC-SHA ciphers are grouped together. I can then remove the two entries in the top list easy enough, the question is mainly about ordering the list.
