Forum Discussion
SSL Ciphers (SSLLabs) Warning
Hi everyone, I ran an SSL test over a web application and received various warnings about weak ciphers. How can I close these cipher protocols?
TLS1.2:
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits FS WEAK
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK
TLS 1.1
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits FS WEAK
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK
- Samir_Jha_52506Noctilucent
Disable the ciphers below in order to eliminate the weak cipher list. I have tested in LAB and all weak ciphers are gone. I suggest you test in a LAB environment and share feedback. Most important thing: don't play with the default client-ssl profile.
Disable the ciphers below to eliminate the weak TLS ciphers.
TLS1.2
AES256-GCM-SHA384
AES256-SHA256
AES256-SHA
DHE-RSA-CAMELLIA256-SHA
CAMELLIA256-SHA
TLS 1.1
AES256-SHA
DHE-RSA-CAMELLIA256-SHA
CAMELLIA256-SHA
Share your feedback.
- aquispe17_31055Nimbostratus
Hi, what is the expression to disable it?
- Samir_Jha_52506Noctilucent
Use ! at the beginning to disable a cipher. See the example below!
Example:
DEFAULT:!AES256-SHA:!DHE-RSA-CAMELLIA256-SHA:!CAMELLIA256-SHA
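Added example (not part of the thread and not F5 code): a Python sketch that reads the report rows from the question, converts each suite flagged WEAK to the short name used in the reply, and builds the `DEFAULT:!...` expression. The conversion rule is an assumption that covers only RSA, DHE-RSA and ECDHE-RSA suites with AES or Camellia; the function names are illustrative.

```python
import re

# Report text as pasted in the question (both protocol sections, flattened).
REPORT = """TLS1.2:
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits FS WEAK TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK
TLS 1.1
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits FS WEAK TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK
"""

# One row = suite name, hex code, then free-text flags up to the next row.
ROW = re.compile(
    r"(TLS_[A-Z0-9_]+) \(0x[0-9a-fA-F]+\)(.*?)(?=TLS_[A-Z0-9_]+ \(0x|\Z)", re.S)

# Key-exchange prefix in the short name; plain RSA key exchange has none.
KEY_EXCHANGE = {"RSA": "", "DHE_RSA": "DHE-RSA-", "ECDHE_RSA": "ECDHE-RSA-"}
SUITE = re.compile(r"TLS_(\w+?)_WITH_(AES|CAMELLIA)_(128|256)_(CBC|GCM)_(SHA\d*)")


def to_short_name(iana_name):
    """Convert an IANA suite name to the short (OpenSSL-style) name."""
    m = SUITE.fullmatch(iana_name)
    if not m or m.group(1) not in KEY_EXCHANGE:
        # Refuse to guess: a wrong name would silently exclude nothing.
        raise ValueError(f"no conversion rule for {iana_name}")
    kx, alg, bits, mode, mac = m.groups()
    mode_part = "GCM-" if mode == "GCM" else ""  # CBC is implicit in short names
    return f"{KEY_EXCHANGE[kx]}{alg}{bits}-{mode_part}{mac}"


def weak_suites(report):
    """Short names of suites flagged WEAK, in report order, without repeats."""
    names = []
    for m in ROW.finditer(report):
        if "WEAK" in m.group(2):
            name = to_short_name(m.group(1))
            if name not in names:  # same suite is listed under TLS 1.2 and 1.1
                names.append(name)
    return names


def exclusion_string(report, base="DEFAULT"):
    """Build 'DEFAULT:!A:!B...' with a leading ! on every weak suite."""
    return ":".join([base] + ["!" + n for n in weak_suites(report)])


if __name__ == "__main__":
    print(exclusion_string(REPORT))
```

The printed string belongs in the cipher setting of a custom client-ssl profile rather than the default one, as the reply advises.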
- SnlCirrostratus
Sample is below:
!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4