Forum Discussion
Seth_Randall_31
Apr 26, 2017Nimbostratus
We tend to disable 3DES unless we have a system that absolutely needs it. We usual work with them to upgrade if we can. The ciphers we've been using are:
!SSLv2:!EXPORT:!DHE:!3DES:RSA+AES-GCM:RSA+AES:ECDHE+AES-GCM:ECDHE+AES:!MD5:!SSLv3:!RC4
For easy of entry, you can deny all DHE and all 3DES by just using !DHE and !3DES instead of specifying each one. At least you can on 11.6.0.