Anthony_Pineda
Feb 11, 2015

SSL ciphersuite to allow only TLS

Will the following ciphersuite work if I only want to allow TLS (TLS1.0, TLS1.1 and TLS1.2)? The LTM is v11.4.1. The ciphersuite is !SSLv3:!RC4:TLS

 

  • I would suggest DEFAULT:!SSLv3:!RC4, I believe your string will end up including exp, null, md5, etc... You don't want those.

    • Brad_Parker
      Please remember to mark as answered if you feel your question has received a sufficient answer.
  • Hi Anthony,

    You can validate your ciphers via CLI by using "tmm --clientciphers":
     tmm --clientciphers 'DEFAULT:!SSLv3:!RC4:@strength'
           ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
     0:    53  AES256-SHA                       256  TLS1    Native  AES     SHA     RSA
     1:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA
     2:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA
     3:    53  AES256-SHA                       256  DTLS1   Native  AES     SHA     RSA
     4:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
     5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA
     6: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
     7: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
     8:    10  DES-CBC3-SHA                     192  TLS1    Native  DES     SHA     RSA
     9:    10  DES-CBC3-SHA                     192  TLS1.1  Native  DES     SHA     RSA
    10:    10  DES-CBC3-SHA                     192  TLS1.2  Native  DES     SHA     RSA
    11:    10  DES-CBC3-SHA                     192  DTLS1   Native  DES     SHA     RSA
    12: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1    Native  DES     SHA     ECDHE_RSA
    13: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.1  Native  DES     SHA     ECDHE_RSA
    14: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.2  Native  DES     SHA     ECDHE_RSA
    15:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA
    16:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA
    17:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA
    18:    47  AES128-SHA                       128  DTLS1   Native  AES     SHA     RSA
    19:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA
    20: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA
    21: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
    22: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA
    

    Thanks, Stephan
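
An added example, not part of the thread and not F5's own tooling: a shell function that reads `tmm --clientciphers` output and reports every row outside an allowed protocol list or using RC4, NULL, MD5 or fewer than 128 bits, the items raised in the replies above. The function name `audit_ciphers`, its allowed-protocol argument and sample rows 3-6 (including how tmm would render them) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `tmm --clientciphers` output.
# On a BIG-IP: tmm --clientciphers 'DEFAULT:!SSLv3:!RC4' | audit_ciphers "TLS1 TLS1.1 TLS1.2"

# audit_ciphers ALLOWED_PROTOCOLS   (hypothetical helper)
#   stdin : output of tmm --clientciphers (column layout as shown in the thread)
#   stdout: "<suite> <prot> <reasons>" for every row that should not be offered
#   status: 0 if nothing was flagged, 1 otherwise
audit_ciphers() {
    awk -v allowed="$1" '
        BEGIN {
            bad = 0
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        # Data rows start with an index such as "12:"; the header row does not.
        $1 ~ /^[0-9]+:$/ {
            suite = $3; bits = $4 + 0; prot = $5; cipher = $7; mac = $8
            why = ""
            if (!(prot in ok))    why = why ",protocol"
            if (cipher == "RC4")  why = why ",rc4"
            if (cipher == "NULL") why = why ",null"
            if (mac == "MD5")     why = why ",md5"
            if (bits < 128)       why = why ",weak-bits"   # export-grade and NULL suites
            if (why != "") { print suite, prot, substr(why, 2); bad = 1 }
        }
        END { exit bad }
    '
}

# Sample input: rows 0-2 are copied from the output in the thread; rows 3-6 are
# constructed (assumed rendering) to show what a loose cipher string could let in.
sample_output() {
    cat <<'EOF'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0:    53  AES256-SHA                       256  TLS1    Native  AES     SHA     RSA
 1:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
 2:    10  DES-CBC3-SHA                     192  DTLS1   Native  DES     SHA     RSA
 3:     5  RC4-SHA                          128  SSL3    Native  RC4     SHA     RSA
 4:     4  RC4-MD5                          128  TLS1    Native  RC4     MD5     RSA
 5:     3  EXP-RC4-MD5                      40   TLS1    Native  RC4     MD5     RSA
 6:     2  NULL-SHA                         0    TLS1    Native  NULL    SHA     RSA
EOF
}

sample_output | audit_ciphers "TLS1 TLS1.1 TLS1.2" || echo "cipher string needs tightening"
```

The DTLS1 rows that appear in the output above are flagged under the strict three-protocol list; add DTLS1 to the argument if those are meant to stay.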