Forum Discussion

sandip_kakade's avatar
sandip_kakade
Icon for Nimbostratus rankNimbostratus
Oct 28, 2021

How to disable and enable specific weak/good ciphers In SSL profiles. How to achieve this .

Please enable the below mentioned two strong ciphers and TLSv1.3 in state filing application

 

TLSv1.2 cipher TLS_RSA_WITH_AES_128_GCM_SHA256

TLSv1.2 cipher TLS_RSA_WITH_AES_256_GCM_SHA384

 

Also, remove the below weak ciphers

 

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

TLSv1.2 cipher TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

TLSv1.2 cipher TLS_RSA_WITH_AES_128_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_AES_128_CBC_SHA256

TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_AES_256_CBC_SHA256

TLSv1.2 cipher TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

TLSv1.2 cipher TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

1 Reply

  • Hi sandip kakade,

    In client ssl profile:

     

    TLSv1_3:AES128-GCM-SHA256:AES256-GCM-SHA384

    With this cipher suite, the following ciphers will be usable.

    TLS13-AES128-GCM-SHA256/TLS1.3
    TLS13-AES256-GCM-SHA384/TLS1.3
    TLS13-CHACHA20-POLY1305-SHA256/TLS1.3
    AES128-GCM-SHA256/TLS1.2
    AES256-GCM-SHA384/TLS1.2

    IANA name:

    TLS_RSA_WITH_AES_128_GCM_SHA256

    OpenSSL name:

    AES128-GCM-SHA256

    IANA name:

    TLS_RSA_WITH_AES_256_GCM_SHA384

    OpenSSL name:

    AES256-GCM-SHA384