Forum Discussion

Sriram_Shanmuga's avatar
Sriram_Shanmuga
Icon for Altostratus rankAltostratus
Oct 03, 2018

How to disable weak cipher from Client SSL Profile

Hi, We have disabled few ciphers and we have rating "A" in qualys ssl checker portal. We have a requirement to disable weak ciphers as well.   Could some one advice how to disable weak ciphers. Pl...
ASM Advanced WAF
security
  • Lokesh_R_365525's avatar
    Lokesh_R_365525
    Oct 03, 2018

    By using DEFAULT:@STRENGTH command you can preferred the ciphers to use only Strength.

     

Mmathew-AMS's avatar
Mmathew-AMS
Icon for Nimbostratus rankNimbostratus

Hi Dhebal76, did you get to solve this problem. Pls share the Cypher string used

iHugoF's avatar
iHugoF
Icon for Nimbostratus rankNimbostratus
Feb 18, 2022

This worked for me:

ECDHE:!RSA:ECDHE_ECDSA:!SSLV3:!RC4:!EXP:!DES:!3DES:TLSV1_3:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-AES256-CBC-SHA:!ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256

  • RockBD's avatar
    RockBD
    Icon for Altocumulus rankAltocumulus
    Oct 25, 2022

    Thanks for the full steatment which will help a lot to exclude the Cipher Suites.

    My question is if i disable those Cipher Suites that means user can't communicate with that Cipher Suites to my web server. So, isn't that lead to limtating access to the site my disabling those cihper Suites.