RayThomsen_7557
Jan 13, 2015Nimbostratus
SSL Profile cipher elimination
A customer reported having used a Nessus scan to detect "vulnerable" ciphers being allowed on their virtual. They requested I restrict these ciphers:
EXP-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; DES-CBC-SHA; RC4-MD5; RC4-SHA; RC4-SHA
I attempted to do this by adding this statement to the cipher field of the SSL profile:
DEFAULT:!SSLv3:!EXP-DES-CBC-SHA:!EXP-RC2-CBC-MD5:!EXP-RC4-MD5:!DES-CBC-SHA:!RC4-MD5:!RC4-SHA
However, I recieved an error of:
Invalid keyword 'cipher_name' in ciphers list for profile /partition_name/profile_name
for five of the six ciphers, only RC4-SHA was allowed. How do I restrict these other ciphers?