Disabling Ciphers
Guys,
We are deploying Skype at work. The Skype team would like me to disable the "Weak" Ciphers and only enable the others. I know you can disable / enable them in the clientssl profile under Advanced. But, what is the correct context to do this?
Thank You
Here is the list
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp384r1 (eq. 7680 bits RSA) FS128 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS128
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK112
TLS 1.1 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK112
TLS 1.0 (suites in server-preferred order)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS128
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK256
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK112
@Rob, Do you want to disable only Weak cipher, which you have pasted in Question section. Let us know.