rolf
Jun 30, 2017Cirrus
Cipher Suite: Disable DHE / EDH?
Hi
does somebody know how to disable DHE/DSS and EDH/RSA KeyX Algorithms?
Thanks, Rolf
[root@bigip1:Active:Standalone] config tmm --clientciphers 'ECDHE::AES:!ECDH_RSA:!ECDH_ECDSA:!DES:!SHA:!SSLv3:!SSLv2'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 49200 ECDHE-RSA-AES256-GCM-SHA384 256 TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
1: 49192 ECDHE-RSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_RSA
2: 49199 ECDHE-RSA-AES128-GCM-SHA256 128 TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
3: 49191 ECDHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_RSA
4: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA
5: 107 DHE-RSA-AES256-SHA256 256 TLS1.2 Native AES SHA256 EDH/RSA
6: 106 DHE-DSS-AES256-SHA256 256 TLS1.2 Native AES SHA256 DHE/DSS
7: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
8: 49187 ECDHE-ECDSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 ECDHE_ECDSA
9: 103 DHE-RSA-AES128-SHA256 128 TLS1.2 Native AES SHA256 EDH/RSA
10: 64 DHE-DSS-AES128-SHA256 128 TLS1.2 Native AES SHA256 DHE/DSS
11: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA