# Disabling Ciphers

Guys,

We are deploying Skype at work. The Skype team would like me to disable the "Weak" Ciphers and only enable the others. I know you can disable / enable them in the clientssl profile under Advanced. But, what is the correct context to do this?

Thank You

Here is the list

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp384r1 (eq. 7680 bits RSA) FS128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS128

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) ** WEAK**256

TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) ** WEAK**128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) ** WEAK**256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) ** WEAK**128

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) ** WEAK**112

TLS 1.1 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) ** WEAK**256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) ** WEAK**128

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) ** WEAK**112

TLS 1.0 (suites in server-preferred order)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS128

TLS_RSA_WITH_AES_256_CBC_SHA (0x35) ** WEAK**256

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) ** WEAK**128

TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) ** WEAK**112

@Rob, Do you want to disable only Weak cipher, which you have pasted in Question section. Let us know.