Forum Discussion
Excluding Cipher List
I'm attempting to remove a specific Cipher stream from a Client SSL Profile.
I can't seem to exclude the specific two streams from the Cipher List.
Any help would be appreciated.
I need to exclude -
ECDHE-RSA-DES-CBC3-SHA
DES-CBC3-SHA
I am using
ECDHE+AES-GCM:NATIVE:!MD5:!EXPORT:!DES
I can't get an exclusion to remove the two cipher streams I want.
This link was a great help,
https://devcentral.f5.com/articles/cipher-suite-practices-and-pitfalls-25564
but I can't get it to function the way I want it to.
- Ed_SummersNimbostratus
Are you only looking to exclude those two specific ciphers? Does the following not work for your requirement:
!ECDHE-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:ECDHE+AES-GCM:NATIVE:!EXPORT:!DES
- Vijay_ECirrus
This seems to work for me:
tmm --clientciphers '!ECDHE-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:ECDHE+AES-GCM:NATIVE:!EXPORT:!DES'
Can you post your output and identify the ciphers that you think should be excluded but still show up ?
Just a word of caution, the cipher list that you are using is still weak. If you are looking to provide better security, I would recommend checking this out.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com