Secure Cipher to use in SSL profiles
From Tech-Wiki
Revision as of 14:59, 21 February 2019 by Fabricio.Lima
To list the ciphers that a cipher string selects, use the following command:
# tmm --clientciphers DEFAULT:\!SSLv3
A good cipher string that removes SSLv3 and weak protocols is:
DEFAULT:!TLSv1_1:!TLSv1:!DTLSv1:!SHA
A stricter, stronger option is the one below:
ECDHE_ECDSA:ECDHE:!TLSv1_1:!TLSv1:!SHA
With this string, only the following suites are allowed:
   ID    SUITE                         BITS PROT   METHOD CIPHER  MAC    KEYX
0: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256  TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
1: 49188 ECDHE-ECDSA-AES256-SHA384     256  TLS1.2 Native AES     SHA384 ECDHE_ECDSA
2: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128  TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
3: 49187 ECDHE-ECDSA-AES128-SHA256     128  TLS1.2 Native AES     SHA256 ECDHE_ECDSA
4: 49200 ECDHE-RSA-AES256-GCM-SHA384   256  TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
5: 49192 ECDHE-RSA-AES256-SHA384       256  TLS1.2 Native AES     SHA384 ECDHE_RSA
6: 49199 ECDHE-RSA-AES128-GCM-SHA256   128  TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
7: 49191 ECDHE-RSA-AES128-SHA256       128  TLS1.2 Native AES     SHA256 ECDHE_RSA
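To confirm that a cipher string yields only what was intended, the listing can be piped through a small check. The script below is an added example, not part of the original wiki page: the function names and the AES128-SHA row are constructed, and the policy (TLS1.2 only, ECDHE key exchange, no SHA-1 MAC) is an assumption derived from the strict string above.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Policy assumed from the strict string: TLS1.2 only, ECDHE key exchange,
# no SHA-1 MAC.

# Reads `tmm --clientciphers` output on stdin; prints offending suites and
# returns 1 if any row violates the policy (or no rows parse), else 0.
audit_ciphers() {
    awk '
        $1 ~ /^[0-9]+:$/ {            # data rows start with an index, e.g. "0:"
            rows++
            suite = $3; prot = $5; mac = $8; keyx = $9
            why = ""
            if (prot != "TLS1.2")  why = why " protocol=" prot
            if (mac == "SHA")      why = why " mac=SHA1"
            if (keyx !~ /^ECDHE/)  why = why " keyx=" keyx
            if (why != "") { bad++; print "FAIL " suite ":" why }
        }
        END {
            if (rows == 0) { print "FAIL no cipher rows parsed"; exit 1 }
            printf "%d suites checked, %d violations\n", rows, bad
            exit (bad > 0)
        }'
}

# The listing shown on this page for ECDHE_ECDSA:ECDHE:!TLSv1_1:!TLSv1:!SHA.
strict_sample() {
    cat <<'EOF'
   ID    SUITE                         BITS PROT   METHOD CIPHER  MAC    KEYX
0: 49196 ECDHE-ECDSA-AES256-GCM-SHA384 256  TLS1.2 Native AES-GCM SHA384 ECDHE_ECDSA
1: 49188 ECDHE-ECDSA-AES256-SHA384     256  TLS1.2 Native AES     SHA384 ECDHE_ECDSA
2: 49195 ECDHE-ECDSA-AES128-GCM-SHA256 128  TLS1.2 Native AES-GCM SHA256 ECDHE_ECDSA
3: 49187 ECDHE-ECDSA-AES128-SHA256     128  TLS1.2 Native AES     SHA256 ECDHE_ECDSA
4: 49200 ECDHE-RSA-AES256-GCM-SHA384   256  TLS1.2 Native AES-GCM SHA384 ECDHE_RSA
5: 49192 ECDHE-RSA-AES256-SHA384       256  TLS1.2 Native AES     SHA384 ECDHE_RSA
6: 49199 ECDHE-RSA-AES128-GCM-SHA256   128  TLS1.2 Native AES-GCM SHA256 ECDHE_RSA
7: 49191 ECDHE-RSA-AES128-SHA256       128  TLS1.2 Native AES     SHA256 ECDHE_RSA
EOF
}

# Constructed row (not from the page): what a looser string could let through.
weak_sample() {
    strict_sample
    echo "8:    47 AES128-SHA                    128  TLS1   Native AES     SHA    RSA"
}

strict_sample | audit_ciphers
weak_sample | audit_ciphers || echo "policy check failed"
```

On a BIG-IP the live listing would be checked with `tmm --clientciphers 'ECDHE_ECDSA:ECDHE:!TLSv1_1:!TLSv1:!SHA' | audit_ciphers`.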