Cipher Suite Practices and Pitfalls
Updated Jun 06, 2023
Version 3.0Was this article helpful?
Excellent article. However, we now can no longer use CBC ciphers. (https://blog.qualys.com/technology/2019/04/22/zombie-poodle-and-goldendoodle-vulnerabilities) Since CBC is implied and not always listed, how can I come up with a keyword string that does not allow them. My current string 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE+AES:!TLSv1:!TLSv1_1' contains ONLY CBC when I scan using SSL Labs.