Forum Discussion
veato
Nimbostratus
NimbostratusExcluding Cipher Suites
I have been given a list of cipher suites which have been flagged as weak and crossed referenced this with the published list of ciphers for BIG-IP v12. I now need to exclude these ciphers from the d...
aandreyy_293459Nimbostratus
NimbostratusHi have similar problem with ciphers, after scanning with SSL labs getting some week ciphers errors, lets say for TLS1.1:
LS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK
LS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK112
ciphers used in LTM are:
tmm --clientciphers 'DEFAULT:!EXPORT40:!EXP:!LOW:!DH:!DHE:!SSLv3:!MD5:!RC4-SHA:!ADH' | grep TLS1.1
4: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
9: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
13: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
20: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
24: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
27: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
can not see here any 3DES ciphers so not sure which ones should be disabled? Do i need disable DES adding !DES?
thanks