Forum Discussion

Nimbostratus

May 21, 2018

SSL Ciphers (SSLLabs) Warning

Hi everyoe, I ran a test SSL over an web application and received various warnings about weak cipher. How can i close this ciphers protocols? TLS1.2: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)...

BIG-IP

LTM

security

Samir_Jha_52506
May 22, 2018
Disable below cipher in-order to eliminate weak cipher list. I have tested in LAB and all weak cipher gone. Suggest you to test in LAB environment and share feedback. Most important thing, don't play with default client-ssl profile.

Disable below ciphers to eliminate weak TLS cipher.

TLS1.2

AES256-GCM-SHA384 AES256-SHA256 AES256-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA

TLS 1.1

AES256-SHA DHE-RSA-CAMELLIA256-SHA CAMELLIA256-SHA

Share your feedback.

Samir_Jha_52506

Noctilucent

May 22, 2018

Disable below cipher in-order to eliminate weak cipher list. I have tested in LAB and all weak cipher gone. Suggest you to test in LAB environment and share feedback. Most important thing, don't play with default client-ssl profile.

Disable below ciphers to eliminate weak TLS cipher.

TLS1.2

    AES256-GCM-SHA384
    AES256-SHA256
    AES256-SHA
    DHE-RSA-CAMELLIA256-SHA
    CAMELLIA256-SHA

TLS 1.1

    AES256-SHA
    DHE-RSA-CAMELLIA256-SHA
    CAMELLIA256-SHA

Share your feedback.

aquispe17_31055
Nimbostratus
May 22, 2018
HI, What is the expression to disable it?
Samir_Jha_52506
Noctilucent
May 22, 2018
!
use in beginning to disable cipher. See the below example

example

DEFAULT:!AES256-SHA:!DHE-RSA-CAMELLIA256-SHA:!CAMELLIA256-SHA
Snl
Cirrostratus
May 22, 2018
sample is below

!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
aquispe17_31055
Nimbostratus
May 23, 2018
Thank you so much for the support.

Finally i could solve adding: ECDHE:DEFAULT:!RSA:!DHE:!3DES