19-Jul-2021 23:04
Hello all,
I would like to build a cipher suite that only allows the following two ciphers:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Currently the following 3 additional ciphers are allowed
TLS_ECDHE_RSA_WITH_AES_256_CBC
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
The current cipher string looks like this
!TLSv1:!TLSv1_1:!SSLv2:!EXPORT:!DHE+AES-GCM:!DHE+AES:!ECDHE+AES-GCM:ECDHE+AES:ECDHE+RSA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:RSA+AES-GCM+SHA384:-MD5:-SSLv3:-RC4:!3DES
How must the cipher string be changed to get the desired result?
Thanks for your help
24-Jul-2021 14:19 - last edited on 04-Jun-2023 19:22 by JimmyPackets
Hi Andre-Germany,
IANA name: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
OpenSSL name: ECDHE-RSA-AES256-SHA384
IANA name: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
OpenSSL name: ECDHE-RSA-AES128-SHA256
Cipher Suites:
ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256
[root@f5:Active:Standalone] config # tmm --clientciphers 'ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256'
0: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 AES SHA384 ECDHE_RSA
1: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 AES SHA256 ECDHE_RSA
12-Aug-2021 01:15
Now more requirements have been added.
What should the whole thing look like now?
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CCM
TLS_ECDHE_ECDSA_WITH_AES_256_CCM
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CCM
TLS_DHE_RSA_WITH_AES_256_CCM
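The IANA-to-OpenSSL name translation used in the reply above, generalised to the AES suite families named in this thread. This is an added example, not part of any post and not F5 code; the function names `iana_to_openssl` and `build_cipher_string` are hypothetical, and the translation checks only the shape of a name, not whether a given BIG-IP version supports the resulting suite.

```python
import re

# Shape of the AES suite names used in this thread (IANA naming).
IANA_AES = re.compile(
    r"^TLS_(ECDHE_ECDSA|ECDHE_RSA|DHE_DSS|DHE_RSA|RSA)"
    r"_WITH_AES_(128|256)_(CBC|GCM|CCM)(?:_(SHA|SHA256|SHA384))?$"
)
# Key exchanges for which IANA registers plain AES-CCM suites (RFC 6655, RFC 7251).
CCM_KX = {"ECDHE_ECDSA", "DHE_RSA", "RSA"}


def iana_to_openssl(name):
    """Translate one IANA AES suite name to its OpenSSL name (hypothetical helper)."""
    m = IANA_AES.match(name)
    if not m:
        raise ValueError(f"not a recognised IANA AES suite name: {name}")
    kx, bits, mode, mac = m.groups()
    if mode == "CCM":
        # CCM suites carry no hash suffix in either naming scheme.
        if mac or kx not in CCM_KX:
            raise ValueError(f"no such AES-CCM suite: {name}")
    elif not mac:
        # A name that stops after _CBC or _GCM is incomplete: the hash is part of the suite.
        raise ValueError(f"hash suffix missing: {name}")
    parts = []
    if kx != "RSA":            # OpenSSL leaves out plain RSA key exchange
        parts.append(kx.replace("_", "-"))
    parts.append("AES" + bits)
    if mode != "CBC":          # OpenSSL leaves out CBC
        parts.append(mode)
    if mac:
        parts.append(mac)
    return "-".join(parts)


def build_cipher_string(names):
    """Join the translated names into a colon-separated, allow-list-only cipher string."""
    return ":".join(iana_to_openssl(n) for n in names)


if __name__ == "__main__":
    # Constructed sample: the two suites from the first post plus two from the later list.
    wanted = [
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_CCM",
    ]
    print(build_cipher_string(wanted))
```

The resulting string can be checked the same way as in the reply, with `tmm --clientciphers '<string>'`, which lists exactly the suites the device will accept for it.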