Forum Discussion
Kevin_Stewart
Oct 18, 2018Employee
There are usually different versions of a cipher for each protocol version.
1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 AES SHA ECDHE_RSA
2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 AES SHA ECDHE_RSA
3: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 AES SHA ECDHE_RSA
So disabling a cipher would remove all versions of that cipher. But if you truly want to just disable TLS1 and TLS1.1, you could use a cipher string like this:
DEFAULT:!TLSv1:!TLSv1_1