Forum Discussion

Nimbostratus

Oct 23, 2018

disable CBC cipher

Hi guys, I tried to disable below cipher (customer requirement): TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 even though I verified from cli that the configu...

Employee

Oct 25, 2018

A few thoughts.

It might be an anomalous indication. You could actually test for CBC support with a cURL request using a CBC cipher (only).
Given that you're specifying a very small, specific set of ciphers, it might be easier to simply list these in the cipher string:
```
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
```

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)