Forum Discussion

Cirrus

Apr 01, 2020

Ciphers for restricting traffic to TLS1.2

Hello team,

We want to disable all the lower TLS/SSL versions like SSLv3, TLS1.0 and TLS1.2 under client SSL profiles. I know i can easily do it through options list by enabling no SSLv3 etc. I know we can also achieve it using ciphers. I am looking for that Cipher string.

Does anyone have it? Please share it.

Thank you

Mayur_Sutare
Apr 01, 2020
Please try below string.

ALL:!DHE:!ADH:!EXPORT:!SSLv2:!EXPORT40:!EXP:!LOW:!RC4:!SSLv3:!MEDIUM:!3DES:!RSA:!TLSv1:!TLSv1_1

I've used this in my setup and it is working as expected. Hope it helps you too.

Mayur

Mayur_Sutare
MVP
Apr 01, 2020
Please try below string.

ALL:!DHE:!ADH:!EXPORT:!SSLv2:!EXPORT40:!EXP:!LOW:!RC4:!SSLv3:!MEDIUM:!3DES:!RSA:!TLSv1:!TLSv1_1

I've used this in my setup and it is working as expected. Hope it helps you too.

Mayur
- Johnde
  Cirrus
  Apr 01, 2020
  It worked as per expectations man. Thanks a lot!