SMP73
Aug 18, 2023

Most up to date Cipher Suite for version 14.1.x to increase BitSight findings?

Trying to improve some BitSight findings on our externally hosted sites. BitSight is kind of vague on its findings and explanations. I know there used to be a page somewhere that had up to date Cip...
  • MegaZone
    Aug 29, 2023

    These are the default 14.1.x ciphers:
    And these are all the 14.1.x ciphers:

    I'd probably kill all TLSv1.0 and v1.1 ciphers to start:

    In 14.1.x the DHE key is 1024 bit, which can get you dinged, so probably turn those off:

    If this doesn't do it, probably remove RSA (key exchange) & SHA1 ciphers:

    That will basically bring you to a subset of ECDHE ciphers with SHA256/SHA384.
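
The tightening sequence in the reply above, written as a check you can run over a cipher list to see what each step removes and whether the remainder is ECDHE with SHA256/SHA384. This is an added example, not part of the original thread and not F5 code; the suite/protocol pairs are constructed, and the OpenSSL-style suite names and the protocol labels `TLS1`, `TLS1.1`, `TLS1.2` are assumptions.

```python
# Added example: replay the reply's three tightening steps over a cipher list.
# SAMPLE is constructed for illustration; it is not BIG-IP output.
# Assumes OpenSSL-style names for TLS 1.2 and earlier suites.

SAMPLE = [
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLS1.2"),
    ("ECDHE-RSA-AES256-SHA384", "TLS1.2"),
    ("ECDHE-RSA-AES128-SHA", "TLS1.2"),
    ("ECDHE-RSA-AES128-SHA", "TLS1"),
    ("DHE-RSA-AES256-GCM-SHA384", "TLS1.2"),
    ("AES128-GCM-SHA256", "TLS1.2"),
    ("AES256-SHA", "TLS1.1"),
]

def key_exchange(name):
    """Key exchange from the name prefix; no prefix means RSA key transport."""
    for prefix in ("ECDHE", "DHE", "ECDH", "DH"):
        if name.startswith(prefix + "-"):
            return prefix
    return "RSA"

def digest(name):
    """Trailing hash token; a bare 'SHA' suffix means SHA-1."""
    last = name.rsplit("-", 1)[-1]
    return "SHA1" if last == "SHA" else last

# The reply's steps, in the order given.
STEPS = [
    ("TLSv1.0/v1.1", lambda n, p: p in ("TLS1", "TLS1.1")),
    ("DHE", lambda n, p: key_exchange(n) == "DHE"),
    ("RSA key exchange or SHA1",
     lambda n, p: key_exchange(n) == "RSA" or digest(n) == "SHA1"),
]

def audit(suites):
    """Apply each step in turn; return ({step: removed suites}, remaining)."""
    removed, remaining = {}, list(suites)
    for label, is_weak in STEPS:
        removed[label] = [s for s in remaining if is_weak(*s)]
        remaining = [s for s in remaining if not is_weak(*s)]
    return removed, remaining

def is_target_subset(suites):
    """True if every suite is ECDHE with a SHA256/SHA384 hash token."""
    return all(key_exchange(n) == "ECDHE" and digest(n) in ("SHA256", "SHA384")
               for n, _ in suites)

if __name__ == "__main__":
    removed, remaining = audit(SAMPLE)
    for label, gone in removed.items():
        print(label, "->", [n for n, _ in gone])
    print("remaining:", remaining, "ok:", is_target_subset(remaining))
```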