Forum Discussion
TNY_122436
Nimbostratus
NimbostratusDisable DES Ciphers
Does anyone know why when I disable the DES cipher, it still shows up? Is there a different way to explicitly disable the DES cipher?
These 6 DES at the bottom are still listed:
tmm --clientc...
nathe
Cirrocumulus
CirrocumulusTNY, you are disabling DES ciphers. The ones listed are 3DES ciphers (note BITS column).
Note my test with the insecure client cipher profile cipher string setup, the first test shows all DES ciphers and the second (using !DES) disables DES ciphers. Note 3DES ciphers still there.
Hope this helps,
N
[root@bigip2:Active:Standalone] config tmm --clientciphers '!SSLv2:ALL:!DH:!ADH:!EDH:@SPEED' | grep DES
34: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
35: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
36: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
37: 49160 ECDHE-ECDSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_ECDSA
38: 49160 ECDHE-ECDSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_ECDSA
39: 49160 ECDHE-ECDSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_ECDSA
40: 49165 ECDH-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDH_RSA
41: 49165 ECDH-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDH_RSA
42: 49165 ECDH-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDH_RSA
43: 49155 ECDH-ECDSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDH_ECDSA
44: 49155 ECDH-ECDSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDH_ECDSA
45: 49155 ECDH-ECDSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDH_ECDSA
46: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA
47: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
48: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
49: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
50: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
93: 9 DES-CBC-SHA 64 SSL3 Native DES SHA RSA
94: 9 DES-CBC-SHA 64 TLS1 Native DES SHA RSA
95: 9 DES-CBC-SHA 64 TLS1.1 Native DES SHA RSA
96: 9 DES-CBC-SHA 64 DTLS1 Native DES SHA RSA
97: 98 EXP1024-DES-CBC-SHA 56 SSL3 Native DES SHA RSA
98: 98 EXP1024-DES-CBC-SHA 56 TLS1 Native DES SHA RSA
99: 98 EXP1024-DES-CBC-SHA 56 DTLS1 Native DES SHA RSA
102: 8 EXP-DES-CBC-SHA 40 SSL3 Native DES SHA RSA
103: 8 EXP-DES-CBC-SHA 40 TLS1 Native DES SHA RSA
104: 8 EXP-DES-CBC-SHA 40 DTLS1 Native DES SHA RSA
[root@bigip2:Active:Standalone] config tmm --clientciphers '!SSLv2:ALL:!DH:!ADH:!EDH:!DES:@SPEED' | grep DES
34: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
35: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
36: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
37: 49160 ECDHE-ECDSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_ECDSA
38: 49160 ECDHE-ECDSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_ECDSA
39: 49160 ECDHE-ECDSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_ECDSA
40: 49165 ECDH-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDH_RSA
41: 49165 ECDH-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDH_RSA
42: 49165 ECDH-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDH_RSA
43: 49155 ECDH-ECDSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDH_ECDSA
44: 49155 ECDH-ECDSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDH_ECDSA
45: 49155 ECDH-ECDSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDH_ECDSA
46: 10 DES-CBC3-SHA 192 SSL3 Native DES SHA RSA
47: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
48: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
49: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
50: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
