Forum Discussion
HowTo: Getting an awesome Qualys SSL-Labs rating... (Feb 2017 Update)
Hi Folks,
In August 2016 I posted a Client SSL Profile configuration to achieve a top-notch Qualys SSL-Labs rating.
HowTo: Getting an awesome Qualys SSL-Labs rating...
https://devcentral.f5.com/questions/howto-getting-an-awesome-qualys-ssl-labs-rating-48120
In the meantime, Qualys SSL-Labs has decided to put a penalty very soon on those web sites which are still supporting DES / IDEA algorithms via TLS1.2 (aka every block cipher with a block size of less than or equal to 64-bit).
Penalty for using 3DES with TLS 1.2 (C)
"In late August, security researchers demonstrated an attack against ciphers that use 64-bit encryption blocks. The attack has been called Sweet32. The attack is not practical because it requires a very large amount of traffic, but it’s a good reminder that older and weaker ciphers need be retired as a matter of routine. In TLS, that means avoiding 3DES (EDIT 27 Jan: and other ciphers that use 64-bit blocks, for example IDEA). Now, for sites that need to support an old user base completely retiring 3DES might not be possible (hint: Windows XP), but there’s no reason to use this cipher with modern browsers. To that end, we’ll be modifying our grading criteria to penalise sites that negotiate 3DES with TLS 1.2. Such sites will have their scores capped at C. We are aware that most servers don’t allow per-protocol cipher suite configuration, but that shouldn’t be a problem in this case. Sites that negotiate strong cipher suites with modern clients will not be affected if they support 3DES, provided they keep it at the end of their ordered list of suites." -Qualys SSL Labs (see Link)
The result of the announced rating changes is currently just a little warning message which states that the grade will be capped to C very soon:
To maintain your awesome A / A+ grade in the future, you have to change your supported cipher suites once again, so that every DES based algorithm gets either completely removed (this may have a compatibility impact) or at least gets placed at the very bottom of the Cipher Suite list.
Previous Cipher-List (for v11 and v12):
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4:@STRENGTH
Updated Cipher-List (for v11 and v12):
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
After applying the updated Cipher-List, you'll receive a clean A or even A+ (depending on HSTS configurations) rating again, while still supporting those Windows XP/IE8 or other legacy clients:
Cheers, Kai
Additional search tags for the lovely Google bot:
Preventing Logjam Attack
Preventing Sweet32 Attack
Default SSL Profile is a little bit insecure
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits FS WEAK 128
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK 112
38 Replies
- melcaniac
Cirrus
If you are using version 10, you can still get an A- grade without disabling 3DES (so that IE8/XP browsers can still connect). This option is better than DEFAULT:!RC4:!SSLv3 because it prefers to use the 256 bit encryption and drops lower if the client doesn't support it.
Cipher-List (for v10):
!SSLv3:RSA+AES256-SHA256:RSA+AES256-SHA:RSA+AES128-SHA256:RSA+AES128-SHA:RSA+AES128-SHA:RSA+3DES
Good stuff Kai!
- MrDude11
Nimbostratus
Has anyone seen any end user/application issues disabling the DHE ciphers?
- Kevin_Davies
Nacreous
Kai,
Is this a good place to discuss which of these have hardware offload support on the F5 platforms? I am just wondering as it's very relevant to performance considerations for our customers. Just let me know if you think it's relevant enough to be part of this discussion.
- kchiotak_298563
Nimbostratus
Hi all,
Thank you very much Kai for this, really appreciate it.
Now with this new vulnerability K21905460: BIG-IP SSL vulnerability CVE-2017-6168 I suppose we will have to remove the RSA key exchange from the cipher list? https://support.f5.com/csp/article/K21905460
New list:
!SSLv2:!RSA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
What are your thoughts?
Regards,
Yours shows some weak ciphers on SSL Labs. You can use this one: !SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:ECDHE+AES-GCM:ECDHE+AES:-MD5:-SSLv3:-RC4:!3DES:!RSA
Hi kchiotak,
thank you very much for bringing this up to our attention.
The Bleichenbacher attack is somewhat difficult to pull off and most likely not exploitable outside of lab environments. If you have to close this security hole because of compliance reasons or if you just want to have this security hole closed, then use the cipher string you have posted.
But keep in mind that this change will ban any legacy client without ECDHE support (like WinXP/IE8)!
(at) magnus78
kchiotak's and your cipher strings provide almost the same level of security. The only difference is that kchiotak's string includes DES based algorithms with the least priority (most likely never negotiated) and yours is banning DES based algorithms completely. But both are successfully banning any RSA based ciphersuites...
FYI: The shortcut to your cipher string would be just
'ECDHE+AES-GCM:ECDHE+AES'
Cheers, Kai
- bluestar007_339
Nimbostratus
Hi,
Is the final string the one below?
'DEFAULT:!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4'
Thanks
- SFiddy_313786
Nimbostratus
Hey Kai. This is fantastic stuff. I don't know anything about making even the slightest tweak to these. Could you assist with the string I would need for TLS 1.1 and 1.2 ciphers only, with no 3DES and RSA key exchanges at the bottom of my list?
- SFiddy_313786
Nimbostratus
This is AMAZING, thank you!!
You're pretty much welcome. Let me know if you need some extra clarification or assistance... ;-)
Cheers, Kai
- Harry1
Nimbostratus
Hi Kai,
As of today, what would be the best cipher suite which will give A+ from SSL-Labs? Can I consider the ones below? I have taken all three from this thread only.
I am using v13.0.0 with HF3
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:-MD5:-SSLv3:-RC4:!3DES
!SSLv2:!EXPORT:!DHE:!3DES:RSA+AES-GCM:RSA+AES:ECDHE+AES-GCM:ECDHE+AES:!MD5:!SSLv3:!RC4
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
- Suzyw720_345395
Nimbostratus
Hello, I am using v11.6.2HF1 and am just looking for thoughts and/or opinions.
1. I have 2 client SSL profiles with their current cipher strings set to: DEFAULT:@STRENGTH:!EXP:!EXPORT:!DHE. In order to disable TLS v1.0, I will modify both cipher strings to read: DEFAULT:@STRENGTH:!EXP:!EXPORT:!DHE:!TLSv1:!SSL:!SSLv2:!SSLv3
2. I am also looking to enable PFS, using a string I saw posted by David Holmes, which is: ECDHE+HIGH:HIGH since Qualys Labs changed their grading practice. Any thoughts if this string will improve the Qualys rating? Thanks for any thoughts or comments.
- Joe_R_140814
Nimbostratus
Simply adding :@Speed to the current ciphers DEFAULT:!DHE:!3DES:!TLSv1 upgrades a 'B' score to an 'A' ... am I missing something ... this appears too simple
Hi Joe,
:@SPEED is the default setting. It won't change anything if you explicitly add this directive to your cipher string (see below).
Cheers, Kai
[root@f501:Active:Standalone] config tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
7: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
8: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
9: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
10: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
11: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
12: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
13: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
14: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
15: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
16: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
17: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
18: 65 CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA RSA
19: 65 CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA RSA
20: 132 CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA RSA
21: 132 CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA RSA
22: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
23: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDHE_ECDSA
24: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA
25: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
26: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
27: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA
28: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA
29: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA
[root@f501:Active:Standalone] config tmm --clientcipher 'DEFAULT:!DHE:!3DES:!TLSv1:@SPEED'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
1: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
2: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
7: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
8: 156 AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 RSA
9: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
10: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
11: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
12: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
13: 157 AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 RSA
14: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
15: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
16: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
17: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
18: 65 CAMELLIA128-SHA 128 TLS1.1 Native CAMELLIA SHA RSA
19: 65 CAMELLIA128-SHA 128 TLS1.2 Native CAMELLIA SHA RSA
20: 132 CAMELLIA256-SHA 256 TLS1.1 Native CAMELLIA SHA RSA
21: 132 CAMELLIA256-SHA 256 TLS1.2 Native CAMELLIA SHA RSA
22: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
23: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.1 Native AES SHA ECDHE_ECDSA
24: 49161 ECDHE-ECDSA-AES128-SHA 128 TLS1.2 Native AES SHA ECDHE_ECDSA
25: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
26: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
27: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA
28: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA
29: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA
[root@f501:Active:Standalone] config
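An added example, not part of the original thread and not F5 tooling: a small Python audit over `tmm --clientcipher` output in the column layout shown in the reply above. It flags the three conditions discussed in this thread (DHE suites, RSA key exchange, and a 64-bit block cipher such as 3DES listed ahead of stronger suites for the same protocol). The sample rows, the `EDH_RSA` key-exchange label and the `DES` cipher-column value are constructed assumptions.

```python
import re

# Constructed sample in the tmm --clientcipher column layout shown above
# (ID SUITE BITS PROT METHOD CIPHER MAC KEYX); not real device output.
SAMPLE = """\
 0: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
 1: 10 DES-CBC3-SHA 168 TLS1.2 Native DES SHA RSA
 2: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
 3: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Native AES SHA EDH_RSA
 4: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
 5: 10 DES-CBC3-SHA 168 TLS1.1 Native DES SHA RSA
"""

FIELDS = ("idx", "suite_id", "suite", "bits", "prot", "method", "cipher", "mac", "keyx")
ROW = re.compile(r"^\s*(\d+):\s+(\d+)\s+(\S+)\s+(\d+)" + r"\s+(\S+)" * 5 + r"\s*$")


def parse(text):
    """Return one dict per cipher row; prompt and header lines are skipped."""
    return [dict(zip(FIELDS, m.groups()))
            for m in map(ROW.match, text.splitlines()) if m]


def is_64bit_block(row):
    # Assumption: DES/3DES/IDEA suites are recognisable by suite name or CIPHER column.
    return bool(re.search(r"DES|IDEA", row["suite"] + " " + row["cipher"]))


def audit(text):
    """Flag DHE suites, RSA key exchange, and 64-bit block suites not listed last."""
    rows, findings = parse(text), []
    for i, r in enumerate(rows):
        tag = f'{r["suite"]} ({r["prot"]})'
        if r["suite"].startswith("DHE-") or re.match(r"DHE|EDH", r["keyx"]):
            findings.append(("dhe", tag))
        if r["keyx"] == "RSA":
            findings.append(("rsa-keyx", tag))
        # Ordering rule from the quoted SSL Labs text, applied per protocol:
        # a 64-bit-block suite must not be followed by a non-64-bit-block suite.
        if is_64bit_block(r) and any(
                x["prot"] == r["prot"] and not is_64bit_block(x) for x in rows[i + 1:]):
            findings.append(("3des-not-last", tag))
    return findings


if __name__ == "__main__":
    for kind, suite in audit(SAMPLE):
        print(f"{kind:14} {suite}")
```

On a BIG-IP the text passed to `audit()` would be the saved output of `tmm --clientcipher '<cipher string>'`; an empty result means none of the three conditions was found.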
- Irfan_S_337899
Nimbostratus
Using the below Cipher Suite but still seeing the rating as "B". Any help would be highly appreciated.
Here is the cipher:
!SSLv2:!EXPORT:!DHE:!3DES:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:!RSA+3DES:-MD5:-SSLv3:-RC4:
SSL LAB Output: Rating B
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 1024 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK 256
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits FS WEAK 112
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 112
Forward Secrecy: Weak key exchange WEAK
DH public server param (Ys) reuse: Yes
ECDH public server param reuse: Yes