Forum Discussion
Jean-Michel_Aud
Nimbostratus
I removed the CBC Ciphers to be compliant with SSL Labs weak ciphers list :
TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!TLSv1:!TLSv1_1
Simon_Blakely
Mar 12, 2020Employee
In general, I would make the same recommendation, but the original request was for a specific set of ciphers. There are still some older clients that require CBC ciphers, and cannot be upgraded easily (embedded devices like Smart Meters, for example).