Issues with cipher suites
Hi there,
I'm trying to get a tight set of supported ciphers and have explicitly named them. Some don't show up, however, and I have issues determining why.
Anyone know why they don't show up?
In the client-ssl profile I've explicitly set cipher suites to:
TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
More readable:
TLS13-AES256-GCM-SHA384
TLS13-AES128-GCM-SHA256
TLS13-CHACHA20-POLY1305-SHA256
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-CHACHA20-POLY1305-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
!TLSv1_1
!TLSv1
!SSLv3
!SSLv2
But I only get offered:
Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
I am missing:
TLS13-CHACHA20-POLY1305-SHA256
ECDHE-RSA-CHACHA20-POLY1305-SHA256
ECDHE-RSA-AES256-SHA384
ECDHE-RSA-AES128-SHA256
Any ideas how to get those active?
TIA
- Ferry
It would appear it's due to our ACLs.
I can actually enter cipher suites in a profile and I will actually see them after doing so.
Upon refreshing, however, it seems to get the suites from a parent profile. It appears I'm not actually allowed to set them.
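An offline check for the comparison made in the question, which also covers the situation in the reply where the saved string is not the one in effect (added example, not code from the thread or from F5). It maps the profile-style and scanner-style suite names to a common key, then lists configured suites that were not offered and offered suites that were not configured. The name mapping in `canonical` and all function names are assumptions of this example; it expects the scanner to print OpenSSL-style names for TLS 1.2, as in the output above.

```python
import re

# Cipher string and scan output copied from the post above.
CONFIGURED = (
    "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256:TLS13-CHACHA20-POLY1305-SHA256:"
    "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:"
    "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2"
)
SCAN = """\
Preferred TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253
Accepted TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253
Preferred TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 1024 bits
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 1024 bits
"""
# Row layout: status, protocol, key size, "bits", suite name, remaining details.
SCAN_LINE = re.compile(r"^\s*(?:Preferred|Accepted)\s+\S+\s+\d+\s+bits\s+(\S+)")

def canonical(name):
    """Naming-scheme-independent key (the mapping is an assumption of this example)."""
    n = name.upper().replace("_", "-")
    tls13 = n.startswith(("TLS13-", "TLS-"))
    n = re.sub(r"^TLS(13)?-", "", n)
    # OpenSSL-style TLS 1.2 ChaCha20 names carry no trailing -SHA256.
    n = re.sub(r"POLY1305-SHA256$", "POLY1305", n)
    return ("TLS13:" if tls13 else "") + n.replace("-", "")

def configured_suites(cipher_string):
    """Suite names from a colon-separated string; '!' exclusions are skipped."""
    parts = (p.strip() for p in cipher_string.split(":"))
    return [p for p in parts if p and not p.startswith("!")]

def offered_suites(scan_text):
    """Suite names from Preferred/Accepted rows; all other lines are ignored."""
    return [m.group(1) for m in map(SCAN_LINE.match, scan_text.splitlines()) if m]

def missing_suites(cipher_string, scan_text):
    """Configured suites the listener did not offer, in configured order."""
    seen = {canonical(name) for name in offered_suites(scan_text)}
    return [s for s in configured_suites(cipher_string) if canonical(s) not in seen]

def unexpected_suites(cipher_string, scan_text):
    """Offered suites absent from the string, e.g. ones inherited from a parent."""
    wanted = {canonical(s) for s in configured_suites(cipher_string)}
    return [name for name in offered_suites(scan_text) if canonical(name) not in wanted]

if __name__ == "__main__":
    print("configured but not offered:", missing_suites(CONFIGURED, SCAN))
    print("offered but not configured:", unexpected_suites(CONFIGURED, SCAN))
```

A non-empty second list after a profile change indicates that the string being served is not the one that was entered.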