Hello, I have the cipher suite configured in my parent client-ssl profile:
How can I only provide ONLY 256 bits ciphers and remove all 128?
Do I need to name them or is there a way to commit them in the string?
first things first, I would recommend not to edit default SSL profiles: instead, create a new one and inherit settings from defaults.
You can filter ciphers by strength with keywords LOW (64 bit bulk crypto algorithm) , MEDIUM (128-bit) and HIGH ( [ 168 bit/192 bit -- deprecated] and 256-bit ).
So your default string should be HIGH , and then exclude unwanted suites.
You can test output with command tmm --clientciphers <string> , ex. tmm --clientciphers "HIGH" or tmm --clientciphers "HIGH:!ECDH_RSA:!ECDH_ECDSA:!SHA:!RSA"