lostmyspaceship
Nov 18, 2014Nimbostratus
TLS 1.2 and PFS on 10.2.4
Hi guys, I have a problem enabling both TLS 1.2 and PFS on a 10.2.4 unit. Using the following string should do it in theory:
COMPAT:+TLSv1_2:EDH:!MD5:!EXPORT:!ADH:!DES:!RC4:!SSLv3:@STRENGTH
And tmm --clientcipher says it does:
0: 57 DHE-RSA-AES256-SHA 256 TLS1 Compat AES SHA EDH/RSA
1: 57 DHE-RSA-AES256-SHA 256 DTLS1 Compat AES SHA EDH/RSA
2: 57 DHE-RSA-AES256-SHA 256 TLS1.2 Compat AES SHA EDH/RSA
3: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1 Compat DES SHA EDH/RSA
4: 22 DHE-RSA-DES-CBC3-SHA 192 DTLS1 Compat DES SHA EDH/RSA
5: 22 DHE-RSA-DES-CBC3-SHA 192 TLS1.2 Compat DES SHA EDH/RSA
6: 51 DHE-RSA-AES128-SHA 128 TLS1 Compat AES SHA EDH/RSA
7: 51 DHE-RSA-AES128-SHA 128 DTLS1 Compat AES SHA EDH/RSA
8: 51 DHE-RSA-AES128-SHA 128 TLS1.2 Compat AES SHA EDH/RSA
However SSLlabs and other tools say that TLS 1.2 is not supported. Any idea what i'm doing wrong?
Thanks in advance.