Forum Discussion
AltocumulusDisable selected ciphers.
Below result of ssllab scan for one of the vip . We would like to disabled selected ciphers (TO DISABLE) in addition to present filter and would like to allow the rest
Currently i have DEFAULT:!RC4-SHA:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA cipher restriction under client ssl.
What additional filter i can include to achieve this?
TLSv1.0:
server selection: enforce server preferences
RSA) ECDHE_RSA_WITH_AES_128_CBC_SHA
RSA) ECDHE_RSA_WITH_AES_256_CBC_SHA
TO DISABLE (key: RSA) RSA_WITH_AES_128_CBC_SHA
TO DISABLE (key: RSA) RSA_WITH_AES_256_CBC_SHA
TO DISABLE (key: RSA) RSA_WITH_CAMELLIA_128_CBC_SHA
TO DISABLE (key: RSA) RSA_WITH_CAMELLIA_256_CBC_SHA
RSA) DHE_RSA_WITH_AES_128_CBC_SHA
RSA) DHE_RSA_WITH_AES_256_CBC_SHA
RSA) DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
RSA) DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLSv1.1: idem
TLSv1.2:
server selection: enforce server preferences
RSA) ECDHE_RSA_WITH_AES_128_GCM_SHA256
RSA) ECDHE_RSA_WITH_AES_128_CBC_SHA
RSA) ECDHE_RSA_WITH_AES_128_CBC_SHA256
RSA) ECDHE_RSA_WITH_AES_256_GCM_SHA384
RSA) ECDHE_RSA_WITH_AES_256_CBC_SHA
RSA) ECDHE_RSA_WITH_AES_256_CBC_SHA384
TO DISABLE RSA) RSA_WITH_AES_128_GCM_SHA256
TO DISABLE RSA) RSA_WITH_AES_128_CBC_SHA
TO DISABLE RSA) RSA_WITH_AES_128_CBC_SHA256
TO DISABLE RSA) RSA_WITH_AES_256_GCM_SHA384
TO DISABLE RSA) RSA_WITH_AES_256_CBC_SHA
TO DISABLE RSA) RSA_WITH_AES_256_CBC_SHA256
TO DISABLE RSA) RSA_WITH_CAMELLIA_128_CBC_SHA
TO DISABLE RSA) RSA_WITH_CAMELLIA_256_CBC_SHA
RSA) DHE_RSA_WITH_AES_128_GCM_SHA256
RSA) DHE_RSA_WITH_AES_128_CBC_SHA
RSA) DHE_RSA_WITH_AES_128_CBC_SHA256
RSA) DHE_RSA_WITH_AES_256_GCM_SHA384
RSA) DHE_RSA_WITH_AES_256_CBC_SHA
RSA) DHE_RSA_WITH_AES_256_CBC_SHA256
RSA) DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
RSA) DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
Current default client cipher on BIGIP
