Forum Discussion

Nimbostratus

Dec 05, 2014

Removing RCS-SHA

I was looking at RC4 vulnerability and looking at default ciphers below it has RC4-SHA. I was reading in dev central if I do below command this cipher would remove RS=C4. Are there any risk of chang...

boneyard

MVP

Dec 24, 2014

not sure what you mean with command, is that tmm --clientciphers ? that command only shows which ciphers would be used for a certain cipher string. it doesn't apply anything or such.

if you want to use a specific cipher string then you use it on the ssl profile. the one you show does indeed not use the RC4 one. it does add a whole lot of ciphers compared to the DEFAULT one. some of which you might not want.

if you just want to exclude RC4 you could also do 'DEFAULT:!RC4', in the newer versions this gives quite a safe set.

the risk is that there might be clients that only want to do RC4 and then their connections would fail.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)