Forum Discussion

Cirrostratus

Jun 12, 2020

Forcing the use of tls1.2

Hi, I want to disable all but tlsv1.2 and also want to disable the use of DHE. Would just typing the following in ciphers list of a client profile will be enough? TLSV1_2:!DHE Please l...

NAG

Cirrostratus

Jun 12, 2020

HI Qasim,

Here is the cipher string you can use:

default:!TSLv1:!TSLv1_1:!TSLv1_1::!TSLv1_3:!DTSLv1:!DEH

Hope this helps.

YOu can check on all the supported ciphers using following command.

#tmm -clientciphers 'default:!TSLv1:!TSLv1_1:!TSLv1_1::!TSLv1_3:!DTSLv1:!DEH'

Hope this helps. Let me know if you have any questions.

Nag

Qasim
Cirrostratus
Jun 12, 2020
HI,
thank you for your swift response that much appreciated.
Wondering if the !DEH is a typo and that should be !DHE?

Also, what if I was to only allow the following suites for a particular VS:
: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
33: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
34: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
35: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
36: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
37: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
38: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
39: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
40: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
41: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
42: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1 Native DES SHA ECDHE_RSA
43: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.1 Native DES SHA ECDHE_RSA
44: 49170 ECDHE-RSA-DES-CBC3-SHA 168 TLS1.2 Native DES SHA ECDHE_RSA