Forum Discussion
Weak Ciphers Removal
I have used this for a very strong CIPHERS to mitigate many vulnerabilities, you can customize it according to your need:
[root@TEST-LAB-04:Active:In Sync] ~ # tmm --clientciphers 'DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:!ADH:!IDEA:!3DES:@STRENGHT'
ID SUITE BITS PROT CIPHER MAC KEYX
0: 159 DHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 EDH/RSA
1: 159 DHE-RSA-AES256-GCM-SHA384 256 DTLS1.2 AES-GCM SHA384 EDH/RSA
2: 158 DHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 EDH/RSA
3: 158 DHE-RSA-AES128-GCM-SHA256 128 DTLS1.2 AES-GCM SHA256 EDH/RSA
4: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 AES-GCM SHA384 ECDHE_RSA
5: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 DTLS1.2 AES-GCM SHA384 ECDHE_RSA
6: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 AES-GCM SHA256 ECDHE_RSA
7: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 DTLS1.2 AES-GCM SHA256 ECDHE_RSA
8: 107 DHE-RSA-AES256-SHA256 256 TLS1.2 AES SHA256 EDH/RSA
9: 107 DHE-RSA-AES256-SHA256 256 DTLS1.2 AES SHA256 EDH/RSA
10: 103 DHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 EDH/RSA
11: 103 DHE-RSA-AES128-SHA256 128 DTLS1.2 AES SHA256 EDH/RSA
12: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
13: 49192 ECDHE-RSA-AES256-SHA384 256 DTLS1.2 AES SHA384 ECDHE_RSA
14: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
15: 49191 ECDHE-RSA-AES128-SHA256 128 DTLS1.2 AES SHA256 ECDHE_RSA
HTH
🙏
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com