Forum Discussion
Jan 27, 2015
Hi vysakhv90,
how does your client-ssl profile look like? What TMOS version and hotfix are you using? You can test valid cipher strings for your client-ssl profile on CLI by entering i.e.: tmm --clientcipher 'DEFAULT:!SSLv3'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
1: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
2: 53 AES256-SHA 256 TLS1.1 Native AES SHA RSA
3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
5: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
6: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
7: 47 AES128-SHA 128 TLS1.1 Native AES SHA RSA
8: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
9: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
10: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
11: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
12: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
13: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
14: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
15: 5 RC4-SHA 128 TLS1.1 Native RC4 SHA RSA
16: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA
17: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
18: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1 Native AES SHA ECDHE_RSA
19: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.1 Native AES SHA ECDHE_RSA
20: 49172 ECDHE-RSA-AES256-CBC-SHA 256 TLS1.2 Native AES SHA ECDHE_RSA
21: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
22: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1 Native AES SHA ECDHE_RSA
23: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.1 Native AES SHA ECDHE_RSA
24: 49171 ECDHE-RSA-AES128-CBC-SHA 128 TLS1.2 Native AES SHA ECDHE_RSA
25: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1 Native DES SHA ECDHE_RSA
26: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.1 Native DES SHA ECDHE_RSA
27: 49170 ECDHE-RSA-DES-CBC3-SHA 192 TLS1.2 Native DES SHA ECDHE_RSA
Thanks, Stephan