Forum Discussion
Anthony_Pineda
Nimbostratus
NimbostratusSSL ciphersuite to allow only TLS
Will the following ciphersuite work if I only want to allow TLS (TLS1.0, TLS1.1 and TLS1.2)? The LTM is v11.4.1 The ciphersuite is !SSLv3:!RC4:TLS
Hi Anthony,
you can validate your ciphers via CLI by using "tmm --clientciphers tmm --clientciphers 'DEFAULT:!SSLv3:!RC4:@strength'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
1: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
2: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
3: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
4: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
5: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
6: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
7: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
8: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
9: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
10: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
11: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
12: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
13: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
14: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
15: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
16: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
17: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
18: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
19: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
20: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
21: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
22: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
Thanks, Stephan