cancel
Showing results for 
Search instead for 
Did you mean: 

How to disable and enable specific weak/good ciphers In SSL profiles. How to achieve this .

sandip_kakade
Nimbostratus
Nimbostratus

Please enable the below mentioned two strong ciphers and TLSv1.3 in state filing application

 

TLSv1.2 cipher TLS_RSA_WITH_AES_128_GCM_SHA256

TLSv1.2 cipher TLS_RSA_WITH_AES_256_GCM_SHA384

 

Also, remove the below weak ciphers

 

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLSv1.2 cipher TLS_RSA_WITH_AES_128_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_AES_128_CBC_SHA256

TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA256

TLSv1.2 cipher TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

1 REPLY 1

Hi sandip kakade,

 

In client ssl profile:

0691T00000F6UpuQAF.png 

TLSv1_3:AES128-GCM-SHA256:AES256-GCM-SHA384

With this cipher suite, the following ciphers will be usable.

TLS13-AES128-GCM-SHA256/TLS1.3 TLS13-AES256-GCM-SHA384/TLS1.3 TLS13-CHACHA20-POLY1305-SHA256/TLS1.3 AES128-GCM-SHA256/TLS1.2 AES256-GCM-SHA384/TLS1.2

IANA name:

TLS_RSA_WITH_AES_128_GCM_SHA256

OpenSSL name:

AES128-GCM-SHA256

 

IANA name:

TLS_RSA_WITH_AES_256_GCM_SHA384

OpenSSL name:

AES256-GCM-SHA384