3 Replies Latest reply on Nov 6, 2015 10:14 PM by abhishek1388

    Disable weak SSL ciphers <128bit

    scott.mitchell Hot Shot
      Is it possible to disable weak SSL ciphers on both the webserver and the agents?

      I would like to disable anything less than 128bit.

      Thanks,

      Scott


      Here is the list of SSL ciphers supported by the remote server :

      Low Strength Ciphers (< 56-bit key)
      TLSv1
      EXP-EDH-RSA-DES-CBC-SHA Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
      EXP-DES-CBC-SHA Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
      EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export

      Medium Strength Ciphers (>= 56-bit and < 112-bit key)
      TLSv1
      EDH-RSA-DES-CBC-SHA Kx=DH Au=RSA Enc=DES(56) Mac=SHA1
      DES-CBC-SHA Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1

      High Strength Ciphers (>= 112-bit key)
      TLSv1
      EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
      DHE-RSA-AES128-SHA Kx=DH Au=RSA Enc=AES(128) Mac=SHA1
      DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
      AES128-SHA Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
      RC4-MD5 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
      RC4-SHA Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1

      The fields above are :

      {OpenSSL ciphername}
      Kx={key exchange}
      Au={authentication}
      Enc={symmetric encryption method}
      Mac={message authentication code}
      {export flag}