Koalan
Oct 01, 2019

Strong cipher suite

Hi, we are testing a URL on the SSL Labs test, and the current setup on our F5 has these ciphers:

DEFAULT:!SSLv2:!SSLv3:!TLSv1:!RSA:!ECDHE-RSA-AES256-CBC-SHA:!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4

But when we tested it on the SSL Labs test, it says:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)  ECDH secp384r1 (eq. 7680 bits RSA)   FS   WEAK   256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)  ECDH secp384r1 (eq. 7680 bits RSA)   FS   WEAK   128

Does anyone know how to address this?

  • Hi Koalan,

    tmm --clientciphers 'ECDHE+AES':

     0: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1   AES                 SHA     ECDHE_RSA
     1: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  AES                 SHA     ECDHE_RSA
     2: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  AES                 SHA     ECDHE_RSA
     3: 49171  ECDHE-RSA-AES128-CBC-SHA         128  DTLS1  AES                 SHA     ECDHE_RSA
     4: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  AES                 SHA256  ECDHE_RSA
     5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1   AES                 SHA     ECDHE_RSA
     6: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  AES                 SHA     ECDHE_RSA
     7: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  AES                 SHA     ECDHE_RSA
     8: 49172  ECDHE-RSA-AES256-CBC-SHA         256  DTLS1  AES                 SHA     ECDHE_RSA
     9: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  AES                 SHA384  ECDHE_RSA

    You can add this:

    !ECDHE-RSA-AES256-SHA384:!ECDHE-RSA-AES128-SHA256:

    or use that:

    DEFAULT:!SSLv2:!SSLv3:!TLSv1:!RSA:!ECDHE-RSA-DES-CBC3-SHA:!EXPORT:!DHE+AES-GCM:!DHE+AES:!DHE+3DES:!ECDHE+AES:ECDHE+AES-GCM:RSA+AES-GCM:RSA+AES:ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4
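
Added example, not part of either post: SSL Labs reports suites by hex ID while `tmm --clientciphers` prints decimal IDs and F5's own names, so this Python sketch joins the two using the rows and the cipher string quoted above and shows which flagged names the original string does not exclude. The function names are illustrative, and only exact-name `!` exclusions are checked (keyword exclusions such as `!ECDHE+AES` are not expanded).

```python
import re

# Rows copied from the tmm listing in the reply (column spacing condensed).
TMM_OUTPUT = """\
0: 49171  ECDHE-RSA-AES128-CBC-SHA  128  TLS1    AES  SHA     ECDHE_RSA
1: 49171  ECDHE-RSA-AES128-CBC-SHA  128  TLS1.1  AES  SHA     ECDHE_RSA
2: 49171  ECDHE-RSA-AES128-CBC-SHA  128  TLS1.2  AES  SHA     ECDHE_RSA
3: 49171  ECDHE-RSA-AES128-CBC-SHA  128  DTLS1   AES  SHA     ECDHE_RSA
4: 49191  ECDHE-RSA-AES128-SHA256   128  TLS1.2  AES  SHA256  ECDHE_RSA
5: 49172  ECDHE-RSA-AES256-CBC-SHA  256  TLS1    AES  SHA     ECDHE_RSA
6: 49172  ECDHE-RSA-AES256-CBC-SHA  256  TLS1.1  AES  SHA     ECDHE_RSA
7: 49172  ECDHE-RSA-AES256-CBC-SHA  256  TLS1.2  AES  SHA     ECDHE_RSA
8: 49172  ECDHE-RSA-AES256-CBC-SHA  256  DTLS1   AES  SHA     ECDHE_RSA
9: 49192  ECDHE-RSA-AES256-SHA384   256  TLS1.2  AES  SHA384  ECDHE_RSA
"""
# Suite IDs that SSL Labs marked WEAK in the question.
FLAGGED_IDS = {0xC027, 0xC028}
# Cipher string from the question.
CURRENT = ("DEFAULT:!SSLv2:!SSLv3:!TLSv1:!RSA:!ECDHE-RSA-AES256-CBC-SHA:"
           "!ECDHE-RSA-AES128-CBC-SHA:!ECDHE-RSA-DES-CBC3-SHA:!EXPORT:!DHE+AES-GCM:"
           "!DHE+AES:!DHE+3DES:ECDHE+AES-GCM:ECDHE+AES:RSA+AES-GCM:RSA+AES:"
           "ECDHE+3DES:RSA+3DES:-MD5:-SSLv3:-RC4")

ROW = re.compile(r"^\s*\d+:\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)")

def parse_tmm(text):
    """Return (suite_id, name, bits, protocol) for each cipher row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m[1]), m[2], int(m[3]), m[4]))
    return rows

def flagged_names(rows, ids):
    """F5 names of the flagged IDs, in listing order, without duplicates."""
    return list(dict.fromkeys(name for sid, name, _, _ in rows if sid in ids))

def missing_exclusions(cipher_string, names):
    """Flagged names the string does not exclude by exact '!NAME' token."""
    excluded = {t[1:] for t in cipher_string.split(":") if t.startswith("!")}
    return [n for n in names if n not in excluded]

if __name__ == "__main__":
    names = flagged_names(parse_tmm(TMM_OUTPUT), FLAGGED_IDS)
    print(":".join("!" + n for n in missing_exclusions(CURRENT, names)))
```

The two names it reports are the ones the reply suggests adding; the `-CBC-SHA` names already excluded in the question are the separate IDs 49171 and 49172.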