Forum Discussion
Kevin_Stewart
Sep 04, 2013Employee
I'd first direct your attention to Jason Rahm's excellent article on cipher suites:
SSL Profiles Part 4: Cipher Suites
You can actually see what the ciphers are from the command line using the following command:
tmm --ciphersuites 'filter'
where 'filter' is what you're looking for. Steve is absolutely correct that the cipher suite itself doesn't include TLS or SSL, as that's the protocol. So to narrow down the SSL cipher to just "TLS_RSA _WITH_3DES_EDE_CBC_SHA", first do this to see what that would look like:
tmm --clientciphers '!SSLv3:!DTLSv1:DES-CBC3-SHA:@STRENGTH'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
1: 10 DES-CBC3-SHA 192 TLS1.1 Native DES SHA RSA
2: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
I think this is what you're looking for, so then use that filter in your client SSL profile and test:
!SSLv3:!DTLSv1:DES-CBC3-SHA:@STRENGTH