ciphers
18 TopicsCertain Cipher suites are not shown in ssl server test
Hi, I am running version 15.1.0. I configured client-ssl profile with cipher group as I need to enable TLSv1.3 The cipher group has a rule which enables certain cipher suites only: TLSv1_3:ECDHE_ECDSA+AES-GCM:ECDHE+AES-GCM:ECDHE+AES:ECDHE_ECDSA+CHACHA20-POLY1305:ECDHE+CHACHA20-POLY1305:!DHE+AES-GCM:!TLSv1:!TLSv1_1:!ECDHE+AES:@STRENGTH With this I am receiving the following into the Rule Audit tab: Cipher Suites TLS13-AES256-GCM-SHA384/TLS1.3 TLS13-CHACHA20-POLY1305-SHA256/TLS1.3 ECDHE-ECDSA-AES256-GCM-SHA384/TLS1.2 ECDHE-RSA-AES256-GCM-SHA384/TLS1.2 ECDHE-ECDSA-CHACHA20-POLY1305-SHA256/TLS1.2 ECDHE-RSA-CHACHA20-POLY1305-SHA256/TLS1.2 TLS13-AES128-GCM-SHA256/TLS1.3 ECDHE-ECDSA-AES128-GCM-SHA256/TLS1.2 ECDHE-RSA-AES128-GCM-SHA256/TLS1.2 DH Groups DEFAULT Signature Algorithms DEFAULT The problem is when I check the site into ssl labs , it gives me only these ciphers : Cipher Suites # TLS 1.3 (suites in server-preferred order) TLS_AES_256_GCM_SHA384 (0x1302)ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_CHACHA20_POLY1305_SHA256 (0x1303)ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_AES_128_GCM_SHA256 (0x1301)ECDH secp384r1 (eq. 7680 bits RSA) FS128 # TLS 1.2 (suites in server-preferred order) TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca8)ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)ECDH secp384r1 (eq. 7680 bits RSA) FS128 TLSv1.3 is enabled into the client-ssl profile no-tlsv1.1 no-tlsv1 I also have serverssl profile attached to the VIP. Cannot find a way to see ECDHE-ECDSA into the ssl labs...Solved3.2KViews1like8Comments