Forum Discussion
henry_kay_36032
Nimbostratus
Nimbostratusdisable cipher tls_rsa_with_3des_ede_cbc_sha
hi all,
one of my customer was doing a vulnerability scan and prompt with a message
"Negociated with the following insecure cipher suites: TLS 1.2 ciphers tls_rsa_with_3des_ede_cbc_sha" ...
Brad_Parker
Cirrus
CirrusThis cipher string will disable 3DES as well as prioritize PFS and GCM.
!EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AEStmm --clientciphers '!EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
1: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
2: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
3: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
4: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
6: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
7: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
8: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
9: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
10: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
11: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
12: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
13: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
14: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
15: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
16: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
17: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
18: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
19: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
Brad_ParkerCirrus
Cirrusyou can also just add "!3DES" to whatever cipher string currently in use.
