Forum Discussion
Rob_Higginbotha
Nimbostratus
NimbostratusDisabling Ciphers
Guys,
We are deploying Skype at work. The Skype team would like me to disable the "Weak" Ciphers and only enable the others. I know you can disable / enable them in the clientssl profile under...
@Rob, Do you want to disable only Weak cipher, which you have pasted in Question section. Let us know.
Samir_Jha_52506
Noctilucent
Noctilucent@Rob, Do you want to disable only Weak cipher, which you have pasted in Question section. Let us know.
Rob_HigginbothaI want to disable only the ciphers I noted as weak
Thanks
- Samir_Jha_52506
Disable below cipher in-order to eliminate weak cipher list. I have tested in v12 and all weak cipher gone. Suggest you to test in LAB environment and share feedback. Most important thing, don't play with default
profile which has pointed by @SBlakelyclient-sslFind the weak cipher list as per above question .
AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA DES-CBC3-SHATLS 1.1 (Weak suites in server-preferred order)
AES256-SHA AES128-SHA DES-CBC3-SHATLS 1.0 (Weak suites in server-preferred order)
AES256-SHA AES128-SHA DES-CBC3-SHA - Rob_Higginbotha
My Apologies for being dumb - So, I copy the above list in the "Ciphers" section in the clientssl profile that I created? Anything else? What am I missing?
Thank you for your help
When I try this I'm getting an error
01070312:3: Invalid keyword ' aes256-sha256' in ciphers list for profile /Common/clientssl-test-cyphers
Cipher List to insert.
AES256-SHA256: AES128-SHA256: AES256-SHA: AES128-SHA: DES-CBC3-SHA: AES256-SHA: AES128-SHA: DES-CBC3-SHA: AES256-SHA: AES128-SHA: DES-CBC3-SHA:
- Samir_Jha_52506
Try this
DEFAULT:ECDHE:!RSA:!DHE:!3DES - Rob_Higginbotha
Thank you - You are a genius!