I have used this for a very strong CIPHERS to mitigate many vulnerabilities, you can customize it according to your need:

**[root@TEST-LAB-04:Active:In Sync] ~ # tmm --clientciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA:!3DES:@STRENGHT'**

ID SUITE BITS PROT CIPHER MAC KEYX

0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 EDH/RSA

1: 159 DHE-RSA-AES256-GCM-SHA384 256 DTLS1.2 AES-GCM SHA384 EDH/RSA

2: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 EDH/RSA

3: 158 DHE-RSA-AES128-GCM-SHA256 128 DTLS1.2 AES-GCM SHA256 EDH/RSA

4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA

5: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 DTLS1.2 AES-GCM SHA384 ECDHE_RSA

6: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA

7: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 DTLS1.2 AES-GCM SHA256 ECDHE_RSA

8: 107 DHE-RSA-AES256-SHA256 256 TLS1.2 AES SHA256 EDH/RSA

9: 107 DHE-RSA-AES256-SHA256 256 DTLS1.2 AES SHA256 EDH/RSA

10: 103 DHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 EDH/RSA

11: 103 DHE-RSA-AES128-SHA256 128 DTLS1.2 AES SHA256 EDH/RSA

12: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA

13: 49192 ECDHE-RSA-AES256-SHA384 256 DTLS1.2 AES SHA384 ECDHE_RSA

14: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA

15: 49191 ECDHE-RSA-AES128-SHA256 128 DTLS1.2 AES SHA256 ECDHE_RSA

**HTH**

**🙏**