Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

How to disable weaker ciphers in TLS 1.2

Gautam_Venna
Nimbostratus
Nimbostratus

Hi Team,

We have a situation where we have good grades (A+)  but we were asked by the customer to tighten up the ciphers which we are allowing. I have attached the screenshot of the Ciphers which are being used. Could you please guide me to disable or tighten up those ciphers?

Gautam_Venna_1-1676058080170.png

 

Gautam_Venna_0-1676057766776.png

 

Thanks & regards,

Gautam Venna

 

2 REPLIES 2

Hi @Gautam_Venna 

You can use custom cipher string and choose specific ciphers that you want to use. Article given here will help you to understand steps to configure same.

Below is the section under client-ssl profile where you can use custom cipher string 

Mayur_Sutare_0-1676093564677.png

Also looking at the requirement, you need to disable CBC mode ciphers as those are highlighted as weak. So you need to use custom string which will allow only strong ciphers and with this you should be good.

To test the custom cipher string and see what all cipher will it allow, you can check it on F5 by putting cipher string to be use under below section. This will give you list of ciphers that will get enabled with the given string.

Mayur_Sutare_1-1676093822595.png

I would recommend you to test it first on your lower enviroments to validate the results.

You can also refer this video to get more idea on it.

Let me know if you still have any doubts on it. Thanks!

Leslie_Hubertus
Community Manager
Community Manager

@Gautam_Venna - while you're in good hands with MVP @Mayur_Sutare, if their reply isn't enough, you can see what a couple other MVPs wrote on a similar thread this week