Forum Discussion

Sriram_Shanmuga's avatar
Sriram_Shanmuga
Icon for Altostratus rankAltostratus
Oct 03, 2018

How to disable weak cipher from Client SSL Profile

Hi, We have disabled few ciphers and we have rating "A" in qualys ssl checker portal. We have a requirement to disable weak ciphers as well.   Could some one advice how to disable weak ciphers. Pl...
ASM Advanced WAF
security
  • Lokesh_R_365525's avatar
    Lokesh_R_365525
    Oct 03, 2018

    By using DEFAULT:@STRENGTH command you can preferred the ciphers to use only Strength.

     

Dhebal76's avatar
Dhebal76
Icon for Nimbostratus rankNimbostratus
Jun 08, 2021

Hello.

 

I realize this article is 3 years old, but i am facing a similar issue. From our Sec team, they want us to disable CBC Ciphers. They are showing up as weak on a Qualys SSL Scan. I have tried using "!CBC" in my cipher string, but it wont let me save that. Currently we use the following in our Cipher Strings in the SSL Profile below. Any help would be appreciated

 

DEFAULT:!TLSv1:!TLSv1_1:!DES:!RC4:!DHE

 

 

  • Mmathew-AMS's avatar
    Mmathew-AMS
    Icon for Nimbostratus rankNimbostratus
    Feb 17, 2022

    Hi Dhebal76, did you get to solve this problem. Pls share the Cypher string used

    • iHugoF's avatar
      iHugoF
      Icon for Nimbostratus rankNimbostratus
      Feb 18, 2022

      This worked for me:

      ECDHE:!RSA:ECDHE_ECDSA:!SSLV3:!RC4:!EXP:!DES:!3DES:TLSV1_3:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-AES256-CBC-SHA:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256

      • RockBD's avatar
        RockBD
        Icon for Altocumulus rankAltocumulus
        Oct 25, 2022

        Thanks for the full steatment which will help a lot to exclude the Cipher Suites.

        My question is if i disable those Cipher Suites that means user can't communicate with that Cipher Suites to my web server. So, isn't that lead to limtating access to the site my disabling those cihper Suites.