Difference between revisions of "Secure Cipher to use in SSL profiles"

From Tech-Wiki
(Created page with "Category:F5 Networks '''Back to Misc''' To list ciphers use the following command # tmm --clientciphers DEFAULT:\!SSLv3 A good cipher removing SSLv...")
 
Line 13: Line 13:
 
  ECDHE_ECDSA:ECDHE:!TLSv1_1:!TLSv1:!SHA
 
  ECDHE_ECDSA:ECDHE:!TLSv1_1:!TLSv1:!SHA
  
then only the below are allowed:
+
then only the ones below are allowed:
  
 
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC    KEYX
 
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC    KEYX

Revision as of 15:00, 21 February 2019

To list the ciphers that a cipher string expands to, use the following command:

# tmm --clientciphers DEFAULT:\!SSLv3

A good cipher string that removes SSLv3 and weak protocols is:

DEFAULT:!TLSv1_1:!TLSv1:!DTLSv1:!SHA

A stricter, stronger option is the one below:

ECDHE_ECDSA:ECDHE:!TLSv1_1:!TLSv1:!SHA

Then only the suites below are allowed:

      ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
0: 49196  ECDHE-ECDSA-AES256-GCM-SHA384    256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_ECDSA
1: 49188  ECDHE-ECDSA-AES256-SHA384        256  TLS1.2  Native  AES      SHA384  ECDHE_ECDSA
2: 49195  ECDHE-ECDSA-AES128-GCM-SHA256    128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_ECDSA
3: 49187  ECDHE-ECDSA-AES128-SHA256        128  TLS1.2  Native  AES      SHA256  ECDHE_ECDSA
4: 49200  ECDHE-RSA-AES256-GCM-SHA384      256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_RSA
5: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES      SHA384  ECDHE_RSA
6: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
7: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES      SHA256  ECDHE_RSA
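
In the listing above, the rows whose CIPHER column is plain AES (MAC SHA256 or SHA384) are CBC-mode suites; !SHA removes only the SHA-1 MAC suites. The following is an added example, not part of the original page or of F5's tooling: a shell function that reads the tmm --clientciphers table and flags every row that misses a policy. The policy (TLS1.2 or TLS1.3, ECDHE key exchange, AES-GCM cipher) and the names audit_ciphers and sample_output are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit the table printed by `tmm --clientciphers '<string>'`.
# The policy checked here is an assumption of this example, not an F5 default:
#   PROT must be TLS1.2 or TLS1.3, KEYX must start with ECDHE (TLS1.2 rows),
#   CIPHER must be AES-GCM (extend AEAD_RE if you accept other AEAD ciphers).
AEAD_RE='^AES-GCM$'

# Constructed sample: header plus three rows copied from the listing above.
sample_output() {
cat <<'EOF'
      ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
0: 49196  ECDHE-ECDSA-AES256-GCM-SHA384    256  TLS1.2  Native  AES-GCM  SHA384  ECDHE_ECDSA
1: 49188  ECDHE-ECDSA-AES256-SHA384        256  TLS1.2  Native  AES      SHA384  ECDHE_ECDSA
6: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM  SHA256  ECDHE_RSA
EOF
}

# Reads the listing on stdin and prints one line per suite:
#   OK <suite>      or      FLAG <suite> <reason> [<reason> ...]
audit_ciphers() {
  awk -v aead="$AEAD_RE" '
    # Data rows start with an index such as "0:"; the header row does not.
    $1 ~ /^[0-9]+:$/ && NF >= 9 {
      suite = $3; prot = $5; cipher = $7; keyx = $9; why = ""
      if (prot != "TLS1.2" && prot != "TLS1.3") why = why " protocol=" prot
      if (prot == "TLS1.2" && keyx !~ /^ECDHE/)  why = why " keyx=" keyx
      if (cipher !~ aead)                        why = why " non-AEAD=" cipher
      if (why == "") print "OK", suite
      else           print "FLAG", suite why
    }'
}

# Stand-alone run on the constructed sample. On a BIG-IP, pipe the real
# command from this page instead:
#   tmm --clientciphers 'ECDHE_ECDSA:ECDHE:!TLSv1_1:!TLSv1:!SHA' | audit_ciphers
sample_output | audit_ciphers
```

A FLAG line for a suite such as ECDHE-ECDSA-AES256-SHA384 means the string still admits CBC suites; whether to exclude them depends on which clients must still connect.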