Cipher Suite Ordering

The question doesn't fully make sense as you have 10 ECDHE Ciphers in the first list and 6 in the second list. Also there are none ECDHE Ciphers listed in the second list so while the question about ordering makes sense, the examples given don't match up. Looks like you want to swap an ECDHE Cipher for an DHE Cipher in the ordering but why would you want to do that ?

Just asking the questions to try and work out what the end game should be :)

Apologies, copy and paste was wrong!

This is the list I currently have;

1. 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
2. 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
3. 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
4. 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
5. 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
6. 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
7. 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
8. 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
9. 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
10. 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
11. 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
12. 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
13. 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
14. 53 AES256-SHA 256 DTLS1 Native AES SHA RSA

This is the list I require for a customer who is adamant they want the list as below;

1. ECDHE-RSA-AES256-GCM-SHA384
2. ECDHE-RSA-AES128-GCM-SHA256
3. ECDHE-RSA-AES256-SHA384
4. ECDHE-RSA-AES128-SHA256
5. ECDHE-RSA-AES256-CBC-SHA
6. ECDHE-RSA-AES128-CBC-SHA
7. AES256-GCM-SHA384
8. AES128-GCM-SHA256
9. AES256-SHA256
10. AES128-SHA256
11. AES256-SHA
12. AES128-SHA

Which means moving line 5 in the first list, up to line 3 so that the CBC-SHA ciphers are grouped together. I can then remove the two entries in the top list easy enough, the question is mainly about ordering the list.

Their list doesn't detail TLS versions required but technically you can list the suites in a long winded format like this ---

tmm --clientciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-CBC-SHA:ECDHE-RSA-AES128-CBC-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!SSLv3:!DTLSv1'

Giving this list

       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA 
 1: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA 
 2: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA 
 3: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA 
 4: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA 
 5: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA 
 6: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA 
 7: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA 
 8: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA 
 9: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA 
10:   157  AES256-GCM-SHA384                256  TLS1.2  Native  AES-GCM  SHA384  RSA       
11:   156  AES128-GCM-SHA256                128  TLS1.2  Native  AES-GCM  SHA256  RSA       
12:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA       
13:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA       
14:    53  AES256-SHA                       256  TLS1    Native  AES     SHA     RSA       
15:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA       
16:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA       
17:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA       
18:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA       
19:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA