Forum Discussion

Cirrostratus

Jun 20, 2016

Weak Ciphers

Hi, We have applied verisign wildcard certificate for all our application as a client side certificate. We get B SSL ratings for our applications because of ciphers negotiated - This server...

application delivery

BIG-IP

Nuruddin_Ahmed_

Cirrostratus

Jun 23, 2016

Hi,

I had raised the TAC for this case and it worked with below -

In order to achieve the A rating, would you be able to test one VS by modifying it's SSL profile with following cipher suites ? ECDHE:!LOW:!MEDIUM:@STRENGTH

tmm --clientciphers 'ECDHE:!LOW:!MEDIUM:@STRENGTH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX

0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA

1: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA

2: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA

3: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA

4: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA

5: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA

6: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA

7: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA

Many applications stopped working after i applied this as we have some applications which are accessed from client software and few client software supports only weak ciphers.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)