Forum Discussion
Hello.
I realize this article is 3 years old, but i am facing a similar issue. From our Sec team, they want us to disable CBC Ciphers. They are showing up as weak on a Qualys SSL Scan. I have tried using "!CBC" in my cipher string, but it wont let me save that. Currently we use the following in our Cipher Strings in the SSL Profile below. Any help would be appreciated
DEFAULT:!TLSv1:!TLSv1_1:!DES:!RC4:!DHE
- Mmathew-AMSFeb 17, 2022Nimbostratus
Hi Dhebal76, did you get to solve this problem. Pls share the Cypher string used
- iHugoFFeb 18, 2022Nimbostratus
This worked for me:
ECDHE:!RSA:ECDHE_ECDSA:!SSLV3:!RC4:!EXP:!DES:!3DES:TLSV1_3:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-AES256-CBC-SHA:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256
- RockBDOct 25, 2022Altostratus
Thanks for the full steatment which will help a lot to exclude the Cipher Suites.
My question is if i disable those Cipher Suites that means user can't communicate with that Cipher Suites to my web server. So, isn't that lead to limtating access to the site my disabling those cihper Suites.